exploitDog

CVE-2020-37112

Опубликовано: 03 фев. 2026

Источник: nvd

CVSS3: 7.1

CVSS3: 6.5

EPSS Низкий

Описание

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

Ссылки

https://download.openeclass.org/files/docs/1.7/CHANGES.txt
Release Notes
https://www.exploit-db.com/exploits/48163
Exploit
Third Party Advisory
VDB Entry
https://www.openeclass.org/
Product
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-month-sql-injection
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gunet:open_eclass_platform:1.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00274

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-cvgp-p3c4-h952

CVSS3: 7.1

github

5 месяцев назад

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

EPSS

Процентиль: 19%

0.00274

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89