← Back to CVEs
CVE-2020-37114
MEDIUM4.3
Description
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/3/2026
Last Modified2/10/2026
Sourcenvd
Honeypot Sightings0
Affected Products
gunet:open_eclass_platform
Weaknesses (CWE)
CWE-200
References
https://download.openeclass.org/files/docs/1.7/CHANGES.txt(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48163(disclosure@vulncheck.com)
https://www.openeclass.org/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-information-disclosure(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.