7.3
CVE-2026-22241
- EPSS 3.08%
- Veröffentlicht 08.01.2026 15:15:45
- Zuletzt bearbeitet 23.01.2026 19:15:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system. The main cause of the issue is that no validation or sanitization of the file's present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openeclass ≫ Openeclass Version < 4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.08% | 0.86 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 7.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/gunet/openeclass/commit/3f9d267b79812a4dd708bb1302339e6a5abe67d9
https://github.com/gunet/openeclass/security/advisories/GHSA-rf6j-xgqp-wjxg
https://github.com/gunet/openeclass/security/advisories/GHSA-gq72-7mwg-424r
https://twelvesec.com/2026/01/16/rce-via-arbitrary-file-upload-at-open-eclass/