CVE-2020-37114

MEDIUM

GUnet OpenEclass 1.7.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37114. PoCs published by emaragkos.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Description

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

Exploits (1)

exploitdb WRITEUP

by emaragkos · textwebappsphp

https://www.exploit-db.com/exploits/48163

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: GUnet OpenEclass 1.7.3

Auth required

Prerequisites: Student or admin account for authenticated exploits · Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/48163

Product product

https://www.openeclass.org/

Release Notes product

https://download.openeclass.org/files/docs/1.7/CHANGES.txt

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-information-disclosure

Scores

CVSS v3 4.3

EPSS 0.0033

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

gunet/open_eclass_platform 1.7.3

Published Feb 03, 2026

Tracked Since Feb 18, 2026