Open Eclass Platform@* Security Vulnerabilities and Issues — Open Eclass Platform@* CVE List

Lucene search

GunetOpen Eclass Platform*

5 matches found

CVE•added 2024/08/12 3:15 p.m.•56 views

CVE-2024-38530

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS9.4AI score0.0059EPSS

CVE•added 2024/06/13 11:15 p.m.•52 views

CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

9.8CVSS7.7AI score0.17498EPSS

CVE•added 2022/06/11 3:15 p.m.•47 views

CVE-2021-44266

GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.

6.1CVSS5.9AI score0.0066EPSS

CVE•added 2024/06/13 11:15 p.m.•43 views

CVE-2024-33253

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

6CVSS6.4AI score0.00126EPSS

CVE•added 2020/08/19 12:15 p.m.•32 views

CVE-2020-24381

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

7.5CVSS7.4AI score0.00363EPSS