Gunet Open_eclass_platform
20 CVEs affecting Gunet Open_eclass_platform. Latest disclosed: 2026-02-03. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-37116 | High | 8.8 | 2026-02-03 | GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmi… |
CVE-2020-37113 | High | 8.8 | 2026-02-03 | GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attac… |
CVE-2026-24665 | High | 8.7 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vul… |
CVE-2026-24669 | High | 7.8 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism al… |
CVE-2026-24773 | High | 7.5 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (ID… |
CVE-2020-24381 | High | 7.5 | 2020-08-19 | GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that th… |
CVE-2026-24672 | High | 7.3 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vul… |
CVE-2020-37112 | High | 7.1 | 2026-02-03 | GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated pa… |
CVE-2026-24670 | Medium | 6.5 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability a… |
CVE-2026-24668 | Medium | 6.5 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability a… |
CVE-2026-24666 | Medium | 6.5 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vul… |
CVE-2020-37115 | Medium | 6.5 | 2026-02-03 | GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption… |
CVE-2026-24671 | Medium | 6.1 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vul… |
CVE-2021-44266 | Medium | 6.1 | 2022-06-11 | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
CVE-2026-24664 | Medium | 5.3 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability al… |
CVE-2026-24667 | Medium | 5.0 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessi… |
CVE-2026-24674 | Medium | 4.7 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS)… |
CVE-2026-24774 | Medium | 4.3 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows a… |
CVE-2026-24673 | Medium | 4.3 | 2026-02-03 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnera… |
CVE-2020-37114 | Medium | 4.3 | 2026-02-03 | GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and o… |