Gunet Open_eclass_platform

20 CVEs affecting Gunet Open_eclass_platform. Latest disclosed: 2026-02-03. Critical: 0, High: 8.

Top CVEs affecting Gunet Open_eclass_platform
CVESeverityScorePublishedSummary
CVE-2020-37116High8.82026-02-03GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmi…
CVE-2020-37113High8.82026-02-03GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attac…
CVE-2026-24665High8.72026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vul…
CVE-2026-24669High7.82026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism al…
CVE-2026-24773High7.52026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (ID…
CVE-2020-24381High7.52020-08-19GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that th…
CVE-2026-24672High7.32026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vul…
CVE-2020-37112High7.12026-02-03GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated pa…
CVE-2026-24670Medium6.52026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability a…
CVE-2026-24668Medium6.52026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability a…
CVE-2026-24666Medium6.52026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vul…
CVE-2020-37115Medium6.52026-02-03GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption…
CVE-2026-24671Medium6.12026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vul…
CVE-2021-44266Medium6.12022-06-11GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
CVE-2026-24664Medium5.32026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability al…
CVE-2026-24667Medium5.02026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessi…
CVE-2026-24674Medium4.72026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS)…
CVE-2026-24774Medium4.32026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows a…
CVE-2026-24673Medium4.32026-02-03The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnera…
CVE-2020-37114Medium4.32026-02-03GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and o…