emaragkos

6 exploits Active since Feb 2026
CVE-2020-37116 EXPLOITDB HIGH text WRITEUP
GUnet OpenEclass 1.7.3 - RCE
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.
CVSS 8.8
CVE-2020-37115 EXPLOITDB MEDIUM text WRITEUP
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
CVSS 6.5
CVE-2020-37114 EXPLOITDB MEDIUM text WRITEUP
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
CVSS 4.3
CVE-2020-37113 EXPLOITDB HIGH text WRITEUP
GUnet OpenEclass 1.7.3 - Auth Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
CVSS 8.8
CVE-2020-37112 EXPLOITDB HIGH text WRITEUP
GUnet OpenEclass 1.7.3 - SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
CVSS 7.1
EIP-2026-107526 EXPLOITDB text WRITEUP
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection