Openeclass

openeclass

Vendor: Openeclass • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65734 1Openeclass 1Openeclass Apr 17, 2026 Mar 16, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2026-22241 1Openeclass 1Openeclass Jan 23, 2026 Jan 8, 2026 7.3 HIGH· v4 7.2 HIGH· v3 N/A· v2 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with ad...Show more The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system. The main cause of the issue is that no validation or sanitization of the file's present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue.Show less
CVE-2024-38530 1Openeclass 1Openeclass Aug 13, 2024 Aug 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to uplo...Show more The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.Show less
CVE-2024-33253 1Openeclass 1Openeclass Nov 21, 2024 Jun 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the ba...Show more Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.Show less
CVE-2024-31777 1Openeclass 1Openeclass Jun 18, 2025 Jun 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.
CVE-2024-26503 1Openeclass 1Openeclass Jun 10, 2025 Mar 14, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
CVE-2022-33116 1Openeclass 1Openeclass Nov 21, 2024 Jun 27, 2022 N/A· v4 6.5 MEDIUM· v3 3.5 LOW· v2 An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
CVE-2017-7389 1Openeclass 1Openeclass May 13, 2026 Apr 1, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/module...Show more Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.Show less