Lucene search
K

71 matches found

CVE
CVE
added 2026/02/03 4:52 p.m.16 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, enabling administrators to view all registered users’ usernames and passwords without encryption. This is documented across multiple connected sources (CVE-2020-37115). The impact is sensitive information exposure and potential credenti...

7.1CVSS5.3AI score0.00263EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.3 views

CVE-2020-37114 GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can...

5.3CVSS5.4AI score0.00326EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.31 views

CVE-2020-37115 GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS0.00263EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.3 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/03 4:52 p.m.7 views

EUVD-2020-30982

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

8.8CVSS6.9AI score0.00781EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.4 views

CVE-2020-37113 GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

8.8CVSS6.9AI score0.00781EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:52 p.m.4 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

8.8CVSS6.9AI score0.00781EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:52 p.m.4 views

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.29 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS0.00274EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

GUnet OpenEclass 安全漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a security vulnerability. This vulnerability stems from the storage of user credentials in plaintext, which may lead to credential leakage and unauthorized access...

7.1CVSS5.8AI score0.00263EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

GUnet OpenEclass 信息泄露漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a vulnerability related to information leakage. This vulnerability stems from improper access control and information exposure, potentially allowing unauthorized acces...

6.5CVSS5.8AI score0.00326EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5860

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS5.5AI score0.00263EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

GUnet OpenEclass SQL注入漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection points in the agenda module and other endpoints, which could allow authenticated...

7.1CVSS5.9AI score0.00274EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

GUnet OpenEclass 代码问题漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a code vulnerability that allows for bypassing file extension restrictions when uploading PHP files, potentially leading to remote code execution...

8.8CVSS6.2AI score0.00781EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5858

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file to extensions like .php3 or .PhP to upload a web...

8.8CVSS6AI score0.00781EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

GUnet OpenEclass 访问控制错误漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains an access control vulnerability. This vulnerability stems from the default inclusion of phpMyAdmin 2.10.0.2, which may allow attackers to obtain MySQL passwords and ga...

8.8CVSS5.8AI score0.00415EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5861

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5857

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16416

Malware in sbrugna...

6.1CVSS6.3AI score0.00838EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.4 views

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

6CVSS6.7AI score0.00411EPSS
Exploits1References1
Rows per page
Query Builder