8.8
CVE-2020-37113
- EPSS 0.78%
- Published 03.02.2026 16:52:45
- Last modified 12.02.2026 18:33:09
- Source disclosure@vulncheck.com
GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
Data provided by the National Vulnerability Database (NVD)
Gunet ≫ Open Eclass Platform, version 1.7.3
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.511 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| disclosure@vulncheck.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.exploit-db.com/exploits/48163
https://www.openeclass.org/
https://download.openeclass.org/files/docs/1.7/CHANGES.txt
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-file-upload-extension-bypass