Lucene search
+L
GunetOpen Eclass Platform

20 matches found

cve
cve
added 2026/02/03 4:58 p.m.61 views

CVE-2026-24774

Open eClass (formerly GUnet eClass) before version 4.2 is affected by a business‑logic flaw that lets authenticated students mark themselves present in attendance for activities, including those that have expired, by directly accessing a crafted URL. The issue has been patched in version 4.2. Rem...

4.3CVSS5.4AI score0.00201EPSS
cve
cve
added 2022/06/11 2:50 p.m.59 views

CVE-2021-44266

CVE-2021-44266 affects GUnet Open eClass (openeclass) prior to version 3.12.2. The vulnerability is an XSS flaw exploitable via the modules/auth/formuser.php auth parameter. Root cause and remediation details are not provided in the supplied documents.

6.1CVSS5.9AI score0.00978EPSS
Web
cve
cve
added 2020/08/19 11:50 a.m.47 views

CVE-2020-24381

GUnet Open eClass Platform (openeclass) prior to 3.11 is vulnerable to reading submitted assessments due to directory listing not being blocked and the data directory being inside the web root. This could allow remote attackers to access student submissions. The affected product/version is public...

7.5CVSS7.4AI score0.01356EPSS
cve
cve
added 2026/02/03 4:56 p.m.24 views

CVE-2026-24672

The CVE-2026-24672 entry concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, authenticated students could inject stored JavaScript into user profile fields, which executes when users with viewing privileges access affected pages. The vulnerability has been patched in ve...

7.3CVSS5.3AI score0.00182EPSS
cve
cve
added 2026/02/03 4:56 p.m.23 views

CVE-2026-24664

Open eClass (formerly GUnet eClass) is affected prior to version 4.2 by a username enumeration issue where unauthenticated attackers can determine valid accounts by observing differences in login responses. The vulnerability specifically involves the login workflow, including the /login endpoint,...

5.3CVSS5.3AI score0.0025EPSS
cve
cve
added 2026/02/03 4:52 p.m.19 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, enabling administrators to view all registered users’ usernames and passwords without encryption. This is documented across multiple connected sources (CVE-2020-37115). The impact is sensitive information exposure and potential credenti...

7.1CVSS5.3AI score0.00263EPSS
cve
cve
added 2026/02/03 4:59 p.m.19 views

CVE-2026-24668

CVE-2026-24668 affects the Open eClass platform (formerly GUnet eClass). Before version 4.2, an access-control flaw lets authenticated students add content to existing course units, an action normally restricted to higher-privileged roles. The issue is mitigated in version 4.2. Impact stated in s...

6.5CVSS5.3AI score0.00207EPSS
cve
cve
added 2026/02/03 4:52 p.m.18 views

CVE-2020-37113

GUnet OpenEclass 1.7.3 is affected by a file upload extension bypass vulnerability. Authenticated users can rename a PHP file to .php3 or .PhP to bypass the exercise submission file-type checks, upload a web shell, and achieve remote code execution on the server. This is documented across CVE-202...

8.8CVSS6.9AI score0.00781EPSS
cve
cve
added 2026/02/03 4:58 p.m.18 views

CVE-2026-24666

Open eClass (formerly GUnet eClass) is affected by a CSRF vulnerability in multiple teacher-restricted endpoints prior to version 4.2. The issue allows authenticated teachers to be induced into performing unintended actions (e.g., modifying assignment grades) via crafted requests. The vulnerabili...

6.5CVSS5.3AI score0.00151EPSS
cve
cve
added 2026/02/03 4:56 p.m.18 views

CVE-2026-24671

Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...

6.1CVSS5.3AI score0.00182EPSS
cve
cve
added 2026/02/03 4:58 p.m.17 views

CVE-2026-24665

Open eClass (formerly GUnet eClass) is affected by CVE-2026-24665 due to a stored XSS vulnerability in uploaded assignment files. Before version 4.2, authenticated students could inject JavaScript that executes when instructors view submissions. The issue has been addressed in version 4.2. Remedi...

8.7CVSS5.3AI score0.00182EPSS
cve
cve
added 2026/02/03 5:0 p.m.16 views

CVE-2026-24669

CVE-2026-24669 affects Open eClass (formerly GUnet eClass). Before version 4.2, an insecure password reset mechanism allows a local attacker to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. The issue is mi...

7.8CVSS5.3AI score0.00151EPSS
cve
cve
added 2026/02/03 4:57 p.m.16 views

CVE-2026-24773

The Open eClass platform (formerly GUnet eClass) before version 4.2 is affected by an Insecure Direct Object Reference (IDOR) that allows unauthenticated remote attackers to access other users’ personal files by requesting predictable user identifiers. Root cause: insufficient authorization check...

7.5CVSS5.4AI score0.00352EPSS
cve
cve
added 2026/02/03 4:52 p.m.15 views

CVE-2020-37112

CVE-2020-37112 affects GUnet OpenEclass 1.7.3. The provided documents describe multiple SQL injection vulnerabilities in the agenda module and other endpoints, exploitable by authenticated attackers to manipulate queries and extract sensitive data via error-based or time-based techniques (via the...

7.1CVSS5.6AI score0.00274EPSS
cve
cve
added 2026/02/03 4:52 p.m.14 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 ships with phpMyAdmin 2.10.0.2 by default, enabling remote login. If an attacker gains platform access, they can reach phpMyAdmin, upload a shell, and view the config.php to obtain the MySQL password, enabling full database compromise. The provided documents do not specify ...

8.8CVSS5.5AI score0.00415EPSS
cve
cve
added 2026/02/03 4:56 p.m.13 views

CVE-2026-24670

The CVE-2026-24670 entry covers the Open eClass platform (formerly GUnet eClass). Affected versions are those prior to 4.2 where a broken access control vulnerability permits authenticated students to create new course units, an action normally restricted to higher-privilege roles. The issue has ...

6.5CVSS5.3AI score0.00207EPSS
cve
cve
added 2026/02/03 4:59 p.m.12 views

CVE-2026-24667

CVE-2026-24667 concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, the system failed to invalidate active user sessions after a password change, allowing existing session tokens to remain usable and potentially granting unauthorized continued access to user accounts. Th...

5CVSS5.3AI score0.00129EPSS
cve
cve
added 2026/02/03 4:56 p.m.12 views

CVE-2026-24673

The CVE-2026-24673 entry describes a file upload validation bypass in Open eClass (formerly GUnet eClass) prior to version 4.2. Attackers could embed prohibited extensions inside ZIP archives and rely on the application's decompression to extract them, bypassing file-type checks. This issue has b...

5.3CVSS5.3AI score0.00241EPSS
cve
cve
added 2026/02/03 4:57 p.m.12 views

CVE-2026-24674

Open eClass (formerly GUnet eClass) is vulnerable to a Reflected XSS in multiple endpoints prior to version 4.2. The root cause is reflected XSS that allows an attacker to coerce authenticated users into executing arbitrary JavaScript via crafted URLs. Impact is to expose user context data and po...

6.1CVSS5.8AI score0.0018EPSS
cve
cve
added 2026/02/03 4:52 p.m.11 views

CVE-2020-37114

CVE-2020-37114 affects GUnet OpenEclass 1.7.3. The flaw arises from improper access controls and information disclosure in multiple modules, allowing both unauthenticated and authenticated users to access sensitive data (system info, application version) and view/download other users’ uploaded as...

6.5CVSS5.4AI score0.00326EPSS