CVE-2020-37112

HIGH

GUnet OpenEclass 1.7.3 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37112. PoCs published by emaragkos.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Description

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

Exploits (1)

exploitdb WRITEUP
by emaragkos · textwebappsphp
https://www.exploit-db.com/exploits/48163

This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Sqli | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GUnet OpenEclass 1.7.3
Auth required
Prerequisites: Student or admin account for authenticated exploits · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/48163
Product product
https://www.openeclass.org/

Scores

CVSS v3 7.1
EPSS 0.0027
EPSS Percentile 19.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
gunet/open_eclass_platform 1.7.3
Published Feb 03, 2026
Tracked Since Feb 18, 2026