SQL Injection in Gunet Open_eclass_platform
CVE-2020-37112
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and o…
Vulnerability class: SQL Injection
EPSS: 0.003 (19.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Gunet Open_eclass_platform — versions 1.7.3
- Openeclass Gunet — versions 1.7.3
Weakness classification (CWE)
References
- disclosure@vulncheck.com (Exploit, VDB Entry, Third Party Advisory, exploit)
- disclosure@vulncheck.com (Product, product)
- disclosure@vulncheck.com (Release Notes, patch)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2020-37112?
- CVE-2020-37112 is a high-severity vulnerability in Gunet Open_eclass_platform, classified under SQL Injection. CVSS score: 7.1/10. Published 2026-02-03.
- How severe is CVE-2020-37112?
- High severity. CVSS v3 base score is 7.1 out of 10.