How to fix CVE-2020-37116?

Within 24 hours: Identify all OpenEclass 1.7.3 instances in production and document their criticality and data sensitivity. Within 7 days: Implement network-level access controls restricting phpMyAdmin URLs (typically /phpmyadmin/) to administrative networks only, and conduct immediate audit logs for unauthorized phpMyAdmin access attempts. Within 30 days: Upgrade to OpenEclass 1.7.4+ or later version that does not include phpMyAdmin, or perform a complete removal of the phpMyAdmin installation from all instances if upgrading is not immediately feasible.

Is PHP affected by CVE-2020-37116?

GUnet OpenEclass 1.7.3 installations contain a critical vulnerability in an embedded phpMyAdmin component that allows authenticated users to gain unauthorized database access and extract sensitive credentials.

CVE-2020-37116

HIGH

2026-02-03 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 21:20 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 8.8

Description

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.

Analysis

Technical Context

Classified as CWE-284 (Improper Access Control). Affects Open Eclass Platform. GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.

Affected Products

Vendor: Gunet. Product: Open Eclass Platform. Versions: up to 1.7.3.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: +20

CVE-2020-37116 vulnerability details – vuln.today

Back

CVE-2020-37116

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37116

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code