CVE-2020-37113

HIGH

GUnet OpenEclass 1.7.3 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37113. PoCs published by emaragkos.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Description

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Exploits (1)

exploitdb WRITEUP
by emaragkos · textwebappsphp
https://www.exploit-db.com/exploits/48163

This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Sqli | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GUnet OpenEclass 1.7.3
Auth required
Prerequisites: Student or admin account for authenticated exploits · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
gunet/open_eclass_platform 1.7.3
Published Feb 03, 2026
Tracked Since Feb 18, 2026