CVE-2020-37115

MEDIUM

GUnet OpenEclass 1.7.3 - Info Disclosure

Title source: llm

Description

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Exploits (1)

exploitdb WRITEUP

by emaragkos · textwebappsphp

https://www.exploit-db.com/exploits/48163

View Code ZIP pw:eip

References (4)

[Release Notes] https://download.openeclass.org/files/docs/1.7/CHANGES.txt

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48163

[Product] https://www.openeclass.org/

[Third Party Advisory] https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-plaintext-password-storage

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-256

Status published

Affected Products (1)

gunet/open_eclass_platform

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026