CVE-2020-37114 | THREATINT

Description

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-03 | Updated 2026-02-06 | Assigner VulnCheck

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

1.7.3 (2007)

affected

Credits

emaragkos finder

References

www.exploit-db.com/exploits/48163 (ExploitDB-48163) exploit

www.openeclass.org/ (Official Vendor Homepage) product

download.openeclass.org/files/docs/1.7/CHANGES.txt (Changelog) product

www.vulncheck.com/...earning-platform-information-disclosure (VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure) third-party-advisory

cve.org (CVE-2020-37114)

nvd.nist.gov (CVE-2020-37114)

Download JSON