CVE-2024-26503

CRITICAL

Open eClass < 3.15 - Unrestricted File Upload

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-26503. PoCs published by RoboGR00t.

AI-analyzed exploit summary: This is a functional exploit for CVE-2024-26503, targeting an unrestricted file upload vulnerability in Open eClass. It uploads a PHP web shell to execute arbitrary commands via a crafted GET request.

Description

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of a crafted file to the certbadge.php endpoint.

Exploits (1)

nomisec WORKING POC 3 stars
by RoboGR00t · poc
https://github.com/RoboGR00t/Exploit-CVE-2024-26503

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Open eClass
Auth required
Prerequisites: Valid Open eClass credentials · Network access to the target Open eClass instance
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.1
EPSS 0.0113
EPSS Percentile 62.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (1)
openeclass/openeclass < 3.15
Published Mar 14, 2024
Tracked Since Feb 18, 2026