What is the CVSS score of CVE-2020-37112?

CVE-2020-37112 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Open Eclass Platform are affected by CVE-2020-37112?

GUnet OpenEclass 1.7.3 contains SQL injection vulnerabilities that allow authenticated users to bypass security controls and access or modify sensitive database information.

Is there a public PoC exploit available for CVE-2020-37112?

Yes, a public proof-of-concept exploit is available for CVE-2020-37112. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37112?

Within 24 hours: Inventory all systems running OpenEclass 1.7.3 and assess user access logs for suspicious activity. Within 7 days: Implement WAF rules to block SQL injection payloads, restrict database user privileges, and disable non-essential features if possible. Within 30 days: Upgrade to a patched version or evaluate alternative learning management systems; conduct database integrity audit and credential reset for administrative accounts.

Open Eclass Platform CVE-2020-37112

HIGH

SQL Injection (CWE-89)

2026-02-03 disclosure@vulncheck.com

SQLi Open Eclass Platform

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 12, 2026 - 18:28 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.1

DescriptionCVE.org

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

AnalysisAI

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the unvalidated component of Open Eclass Platform. GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2020-37112 vulnerability details – vuln.today

Back