Skip to main content

Open Eclass Platform CVE-2026-24774

MEDIUM
Improper Enforcement of Behavioral Workflow (CWE-841)
2026-02-03 security-advisories@github.com
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 10, 2026 - 17:24 vuln.today
Public exploit code
CVE Published
Feb 03, 2026 - 18:16 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by directly accessing a crafted URL. This issue has been patched in version 4.2.

AnalysisAI

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 4.3 MEDIUM]

Technical ContextAI

Affects Open Eclass Platform. The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by directly accessing a crafted URL. This issue has been patched in version 4.2.

RemediationAI

Fixed in version 4.2.. Restrict network access to the affected service where possible.

CVE-2020-37113 HIGH POC
8.8 Feb 03

Open Eclass Platform versions up to 1.7.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

CVE-2020-37116 HIGH POC
8.8 Feb 03

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the

CVE-2026-24665 HIGH POC
8.7 Feb 03

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 8.7 HIGH]

CVE-2026-24669 HIGH POC
7.8 Feb 03

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.8 HIGH]

CVE-2026-24773 HIGH POC
7.5 Feb 03

Open Eclass Platform versions up to 4.2 is affected by authorization bypass through user-controlled key (CVSS 7.5).

CVE-2020-24381 HIGH POC
7.5 Aug 19

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessm

CVE-2026-24672 HIGH POC
7.3 Feb 03

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.3 HIGH]

CVE-2020-37112 HIGH POC
7.1 Feb 03

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate

CVE-2020-37115 MEDIUM POC
6.5 Feb 03

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usern

CVE-2026-24670 MEDIUM POC
6.5 Feb 03

Broken access control in Open eClass Platform versions prior to 4.2 allows authenticated students to create course units

CVE-2026-24668 MEDIUM POC
6.5 Feb 03

Broken access control in Open eClass Platform before version 4.2 allows authenticated students to modify course content

CVE-2026-24666 MEDIUM POC
6.5 Feb 03

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 6.5 MEDIUM]

Share

CVE-2026-24774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy