CVE-2020-37113 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attack…

High CVSS: 8.7

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Vendor

Product

Open Eclass Platform

CWE

Yayın Tarihi

2026-02-03 18:16:11

Güncelleme

2026-02-12 18:33:09

Source Identifier

disclosure@vulncheck.com

KEV Date Added

-

Kategoriler

CWE-434 Open Eclass Platform HIGH Gunet 2026

Referanslar

https://download.openeclass.org/files/docs/1.7/CHANGES.txt https://www.exploit-db.com/exploits/48163 https://www.openeclass.org/ https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-file-upload-extension-bypass

Benzer Kayıtlar

Medium

CVE-2026-24673

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…

Medium

CVE-2026-24674

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…

High

CVE-2026-24773

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…

Medium

CVE-2026-24774

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…

Medium

CVE-2026-24671

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…

High

CVE-2026-24672

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,…