CVE-2020-37115

MEDIUM

GUnet OpenEclass 1.7.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37115. PoCs published by emaragkos.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Description

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Exploits (1)

exploitdb WRITEUP
by emaragkos · textwebappsphp
https://www.exploit-db.com/exploits/48163

This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Sqli | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GUnet OpenEclass 1.7.3
Auth required
Prerequisites: Student or admin account for authenticated exploits · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.5
EPSS 0.0026
EPSS Percentile 17.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-256
Status published
Products (1)
gunet/open_eclass_platform 1.7.3
Published Feb 03, 2026
Tracked Since Feb 18, 2026