CVE-2020-37112

HIGH

GUnet OpenEclass 1.7.3 - SQL Injection

Title source: llm

Description

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

Exploits (1)

exploitdb WRITEUP
by emaragkos · text · webapps · php
https://www.exploit-db.com/exploits/48163

Scores

CVSS v3: 7.1
EPSS: 0.0006
EPSS Percentile: 20.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): gunet/open_eclass_platform 1.7.3
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026