Gunet Open Eclass Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Gunet Open Eclass Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-37116 — CVSS 8.8 (high): GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can…
CVE-2020-37113 — CVSS 8.8 (high): GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to…
CVE-2026-24665 — CVSS 8.7 (high): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site…
CVE-2026-24669 — CVSS 7.8 (high): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure…
CVE-2026-24773 — CVSS 7.5 (high): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct…
CVE-2020-24381 — CVSS 7.5 (high): GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it…
CVE-2026-24672 — CVSS 7.3 (high): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site…
CVE-2020-37115 — CVSS 6.5 (medium): GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords…
CVE-2026-24666 — CVSS 6.5 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site…
CVE-2026-24670 — CVSS 6.5 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access…
CVE-2026-24668 — CVSS 6.5 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access…
CVE-2026-24671 — CVSS 6.1 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site…
CVE-2021-44266 — CVSS 6.1 (medium): GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
CVE-2026-24664 — CVSS 5.3 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username…
CVE-2026-24667 — CVSS 5.0 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to…
CVE-2026-24674 — CVSS 4.7 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected…
CVE-2026-24673 — CVSS 4.3 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload…
CVE-2020-37114 — CVSS 4.3 (medium): GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information…
CVE-2026-24774 — CVSS 4.3 (medium): The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic…