CVE-2020-37112

GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

CVSS 7.1 HIGHEPSS 0.3%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

03 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Openeclass · GUnet OpenEclass

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://download.openeclass.org/files/docs/1.7/CHANGES.txt https://www.exploit-db.com/exploits/48163 https://www.openeclass.org/https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-month-sql-injection