Open Eclass Platform

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 4.3 MEDIUM]

Open Eclass Platform versions up to 4.2 is affected by authorization bypass through user-controlled key (CVSS 7.5).

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 4.7 MEDIUM]

Open Eclass Platform versions up to 4.2 is affected by unrestricted upload of file with dangerous type (CVSS 4.3).

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.3 HIGH]

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 6.1 MEDIUM]

Broken access control in Open eClass Platform versions prior to 4.2 allows authenticated students to create course units, a privilege normally reserved for instructors and administrators. An attacker with valid student credentials can escalate their capabilities within the platform by performing unauthorized administrative actions. Public exploit code exists for this vulnerability, and no patch is currently available.

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.8 HIGH]

Broken access control in Open eClass Platform before version 4.2 allows authenticated students to modify course content that should only be editable by instructors and administrators. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. An attacker with valid student credentials can escalate their privileges to alter course materials and potentially disrupt educational content integrity.

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 5.0 MEDIUM]

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 6.5 MEDIUM]

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 8.7 HIGH]

Open Eclass Platform versions up to 4.2 contains a vulnerability that allows attackers to identify valid user accounts by analyzing differences in the login response beha (CVSS 5.3).

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise. [CVSS 8.8 HIGH]

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access. [CVSS 6.5 MEDIUM]

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. [CVSS 4.3 MEDIUM]

Open Eclass Platform versions up to 1.7.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 7.1 HIGH]