Exploitation Summary
EIP tracks 5 public exploits for CVE-2026-22241. PoCs published by unico007x, XiaomingX, 0xBlackash.
AI-analyzed exploit summary
This exploit demonstrates a remote code execution (RCE) vulnerability in GUnet OpenEclass E-learning platform versions prior to 4.2. It leverages an unrestricted file upload flaw in the theme options module to upload a malicious PHP shell, allowing arbitrary command execution.
Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files to the server's file system. The main cause of the issue is that there is no validation or sanitization of the files present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue.
Exploits (5)
This exploit demonstrates a remote code execution (RCE) vulnerability in GUnet OpenEclass E-learning platform versions prior to 4.2. It leverages an unrestricted file upload flaw in the theme options module to upload a malicious PHP shell, allowing arbitrary command execution.
This repository provides a functional exploit for CVE-2026-22241, demonstrating an unrestricted file upload vulnerability in OpenClass Educational Infrastructure leading to RCE. It includes a lab environment setup and a malicious PHP file for exploitation.
This repository provides a detailed technical analysis of CVE-2026-22241, an unrestricted file upload vulnerability in Open eClass's Theme Import feature, leading to RCE. It includes root cause analysis, mitigation steps, and references to official advisories.
This repository provides a functional exploit for CVE-2026-22241, demonstrating an unrestricted file upload vulnerability in OpenClass Educational Infrastructure leading to RCE. It includes a lab environment setup and a malicious PHP file (evil.php) that executes arbitrary commands via a GET parameter.
This is a functional exploit for CVE-2026-22241, an unrestricted file upload vulnerability in Open eClass. It automates authentication, ZIP file creation with a malicious PHP payload, upload, and execution of arbitrary commands via a web shell.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H