CVE-2020-37116

HIGH

GUnet OpenEclass 1.7.3 - Improper Access Control via phpMyAdmin Remote Login

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37116. PoCs published by emaragkos.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Description

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.

Exploits (1)

exploitdb WRITEUP
by emaragkos · textwebappsphp
https://www.exploit-db.com/exploits/48163

This is a detailed writeup describing multiple vulnerabilities in GUnet OpenEclass 1.7.3, including SQL injection, file upload bypass, and information disclosure. It provides step-by-step exploitation details but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Sqli | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GUnet OpenEclass 1.7.3
Auth required
Prerequisites: Student or admin account for authenticated exploits · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0042
EPSS Percentile 33.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (1)
gunet/open_eclass_platform 1.7.3
Published Feb 03, 2026
Tracked Since Feb 18, 2026