CVE-2020-37112 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated par…
High CVSS: 7.1

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
Vendor
Gunet
Product
Open Eclass Platform
CWE
CWE-89
Yayın Tarihi
2026-02-03 18:16:11
Güncelleme
2026-02-12 18:28:10
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-89 Open Eclass Platform HIGH Gunet 2026

Referanslar

https://download.openeclass.org/files/docs/1.7/CHANGES.txt https://www.exploit-db.com/exploits/48163 https://www.openeclass.org/ https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-month-sql-injection