Openeclass

Openeclass

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-37116

Exploit
  • EPSS 0.08%
  • Veröffentlicht 03.02.2026 16:52:47
  • Zuletzt bearbeitet 10.02.2026 21:20:24

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, lead...

6.5

CVE-2020-37114

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:52:46
  • Zuletzt bearbeitet 10.02.2026 21:25:23

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclo...

6.5

CVE-2020-37112

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 16:52:45
  • Zuletzt bearbeitet 12.02.2026 18:28:10

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoi...

8.8

CVE-2020-37113

Exploit
  • EPSS 0.18%
  • Veröffentlicht 03.02.2026 16:52:45
  • Zuletzt bearbeitet 12.02.2026 18:33:09

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability ena...

7.2

CVE-2026-22241

Exploit
  • EPSS 0.21%
  • Veröffentlicht 08.01.2026 15:15:45
  • Zuletzt bearbeitet 23.01.2026 19:15:54

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upl...

9.8

CVE-2024-38530

Exploit
  • EPSS 0.76%
  • Veröffentlicht 12.08.2024 15:15:20
  • Zuletzt bearbeitet 13.08.2024 17:17:47

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the serv...

9.8

CVE-2024-31777

Exploit
  • EPSS 30.39%
  • Veröffentlicht 13.06.2024 23:15:50
  • Zuletzt bearbeitet 18.06.2025 16:53:35

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

5.4

CVE-2024-33253

Exploit
  • EPSS 0.15%
  • Veröffentlicht 13.06.2024 23:15:50
  • Zuletzt bearbeitet 21.11.2024 09:16:41

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

9.1

CVE-2024-26503

Exploit
  • EPSS 2.16%
  • Veröffentlicht 14.03.2024 22:15:22
  • Zuletzt bearbeitet 10.06.2025 16:05:55

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

6.5

CVE-2022-33116

Exploit
  • EPSS 0.31%
  • Veröffentlicht 27.06.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:07:33

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.