PT-2026-5858 · Openclass+1 · Gunet Open Eclass+1
Emaragkos · Published 2026-02-03 · Updated 2026-02-12
CVE-2020-37113
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GUnet OpenEclass version 1.7.3
Description
GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file with an extension such as .php3 or .PhP to upload a web shell, leading to remote code execution. The bypass is possible because the intended file type checks in the exercise submission feature are not properly enforced.
Recommendations
Apply updates to address the file extension restriction bypass in the exercise submission feature.
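Names such as .php3 and .PhP are the kind of input that slips past a case-sensitive list of blocked extensions. The PHP below is an added illustration, not OpenEclass code and not the vendor's fix; the function names and extension lists are assumptions. It sets that weak pattern beside an allowlist check that case-folds the extension and stores the file under a server-generated name.

```php
<?php
// Added example; not OpenEclass code. Function names and lists are assumptions.

// Weak pattern: case-sensitive blocklist of exact extensions.
// Anything not literally on the list is accepted.
function weak_accepts(string $clientName): bool
{
    $blocked = ['php', 'exe', 'sh'];
    $ext = pathinfo($clientName, PATHINFO_EXTENSION);
    return !in_array($ext, $blocked, true);
}

// Hardened pattern: allowlist on the case-folded final extension. The stored
// name is generated server-side, so nothing else from the client-supplied
// name (extra extensions, path components) reaches the filesystem.
function stored_name_for(string $clientName): ?string
{
    $allowed = ['pdf', 'doc', 'docx', 'odt', 'txt', 'zip'];
    if (strpos($clientName, "\0") !== false) {
        return null; // reject embedded NUL bytes outright
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null; // unknown, empty or script extension
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the two variants named in the description.
$samples = ['essay.pdf', 'shell.php', 'shell.php3', 'shell.PhP', 'notes.php.txt', 'noext'];
foreach ($samples as $name) {
    $stored = stored_name_for($name);
    printf(
        "%-14s weak=%-6s strict=%s\n",
        $name,
        weak_accepts($name) ? 'accept' : 'reject',
        $stored ?? 'reject'
    );
}
```

An extension check of this kind complements, and does not replace, keeping the upload directory out of the web server's script-execution path.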
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Gunet Open Eclass
Open Eclass Platform