CVE-2024-26503

CRITICAL

Openeclass < 3.15 - Unrestricted File Upload

Title source: rule

Description

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

Exploits (1)

nomisec WORKING POC 3 stars
by RoboGR00t · poc
https://github.com/RoboGR00t/Exploit-CVE-2024-26503

References (1)

Scores

CVSS v3 9.1
EPSS 0.0216
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
openeclass/openeclass < 3.15
Published Mar 14, 2024
Tracked Since Feb 18, 2026