CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.7%

CVSS Severity

CVSS v3 Score 7.1

References

https://download.openeclass.org/files/docs/1.7/CHANGES.txt
https://www.exploit-db.com/exploits/48163
https://www.openeclass.org/
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-month-sql-injection

Products affected by CVE-2020-37112

Gunet » Open Eclass Platform » Version: 1.7.3

cpe:2.3:a:gunet:open_eclass_platform:1.7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37112

Products

Pricing

Contact Us