71 matches found
CVE-2020-37115
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, enabling administrators to view all registered users’ usernames and passwords without encryption. This is documented across multiple connected sources (CVE-2020-37115). The impact is sensitive information exposure and potential credenti...
CVE-2020-37114 GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can...
CVE-2020-37115 GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...
CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...
EUVD-2020-30982
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...
CVE-2020-37113 GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...
CVE-2020-37113
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...
CVE-2020-37112
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...
CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...
GUnet OpenEclass 安全漏洞
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a security vulnerability. This vulnerability stems from the storage of user credentials in plaintext, which may lead to credential leakage and unauthorized access...
GUnet OpenEclass 信息泄露漏洞
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a vulnerability related to information leakage. This vulnerability stems from improper access control and information exposure, potentially allowing unauthorized acces...
PT-2026-5860
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...
GUnet OpenEclass SQL注入漏洞
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection points in the agenda module and other endpoints, which could allow authenticated...
GUnet OpenEclass 代码问题漏洞
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a code vulnerability that allows for bypassing file extension restrictions when uploading PHP files, potentially leading to remote code execution...
PT-2026-5858
Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file to extensions like .php3 or .PhP to upload a web...
GUnet OpenEclass 访问控制错误漏洞
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains an access control vulnerability. This vulnerability stems from the default inclusion of phpMyAdmin 2.10.0.2, which may allow attackers to obtain MySQL passwords and ga...
PT-2026-5861
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
PT-2026-5857
Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...
EUVD-2017-16416
Malware in sbrugna...
CVE-2024-33253
Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...