Ashifcoder

**Name of the Vulnerable Software and Affected Versions** Open eClass versions prior to 4.2 **Description** The Open eClass platform, previously known as GUnet eClass, is a course management system. Prior to version 4.2, a flaw exists in the theme import functionality that allows an attacker with administrative privileges to upload arbitrary files to the server's file system. This is due to a lack of validation or sanitization of files within uploaded zip archives, potentially leading to remote code execution on the web server. **Recommendations** Versions prior to 4.2 should be updated to version 4.2 or later.