CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://download.openeclass.org/files/docs/1.7/CHANGES.txt
https://www.exploit-db.com/exploits/48163
https://www.openeclass.org/
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-file-upload-extension-bypass

Products affected by CVE-2020-37113

Gunet » Open Eclass Platform » Version: 1.7.3

cpe:2.3:a:gunet:open_eclass_platform:1.7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37113

Products

Pricing

Contact Us