PT-2026-5858 · Openclass+1 · Gunet Open Eclass+1
Emaragkos · Published 2026-02-03 · Updated 2026-02-12
CVE-2020-37113
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GUnet OpenEclass version 1.7.3
Description
GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file to use an extension such as .php3 or .PhP and upload a web shell, leading to remote code execution. The bypass is possible because the intended file type checks in the exercise submission feature are not properly enforced.
Recommendations
Apply updates to address the file extension restriction bypass in the exercise submission feature.
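The class of flaw described above, shown as an added example rather than GUnet OpenEclass code: a case-sensitive extension denylist beside an allowlist check that rejects the .php3 and .PhP variants. The function names, the allowlist contents and the sample filenames are assumptions made for illustration.

```php
<?php
// Added illustration, NOT GUnet OpenEclass code. All names here are hypothetical.

// Weak pattern: case-sensitive denylist of a single extension.
function weak_is_allowed(string $name): bool
{
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    return $ext !== 'php';   // "answer.PhP" and "answer.php3" both pass
}

// Assumed allowlist; set it to the types the upload feature really needs.
const ALLOWED_EXT = ['pdf', 'txt', 'zip', 'doc', 'docx', 'odt'];

// Hardened pattern: allowlist, case-insensitive, exactly one extension,
// and a server-generated name so the client never picks the on-disk filename.
function hardened_stored_name(string $name): ?string
{
    $base = basename(str_replace('\\', '/', $name));   // drop any client-side path
    if (strpos($base, "\0") !== false) {
        return null;                                   // embedded NUL byte
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;   // no extension, dotfile, or more than one dot (strict by design)
    }
    if (!in_array($parts[1], ALLOWED_EXT, true)) {
        return null;   // anything not explicitly allowed is rejected
    }
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Constructed sample filenames.
$samples = ['essay.pdf', 'answer.php', 'answer.PhP', 'answer.php3',
            'answer.php.pdf', '.htaccess'];
foreach ($samples as $s) {
    printf("%-15s weak=%-6s hardened=%s\n", $s,
        weak_is_allowed($s) ? 'accept' : 'reject',
        hardened_stored_name($s) === null ? 'reject' : 'accept');
}
```

Storing uploads in a directory from which the web server does not execute scripts limits the impact if an extension check is ever bypassed.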
Exploit · Fix · RCE · Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Gunet Open Eclass
Open Eclass Platform