CVE-2020-37114

MEDIUM

GUnet OpenEclass 1.7.3 - Info Disclosure

Title source: llm

Description

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

Exploits (1)

exploitdb WRITEUP

by emaragkos · textwebappsphp

https://www.exploit-db.com/exploits/48163

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48163

[Product] https://www.openeclass.org/

[Release Notes] https://download.openeclass.org/files/docs/1.7/CHANGES.txt

[Third Party Advisory] https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-information-disclosure

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

gunet/open_eclass_platform 1.7.3

Published Feb 03, 2026

Tracked Since Feb 18, 2026