CVE-2020-37115

MEDIUM

GUnet OpenEclass 1.7.3 - Info Disclosure

Title source: llm

Description

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Exploits (1)

exploitdb WRITEUP

by emaragkos · textwebappsphp

https://www.exploit-db.com/exploits/48163

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48163

[Product] https://www.openeclass.org/

[Release Notes] https://download.openeclass.org/files/docs/1.7/CHANGES.txt

[Third Party Advisory] https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-plaintext-password-storage

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (1)

gunet/open_eclass_platform 1.7.3

Published Feb 03, 2026

Tracked Since Feb 18, 2026