CVE-2020-37114

GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure

CVSS 5.3 MEDIUMEPSS 0.3%CWE-200

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Openeclass · GUnet OpenEclass

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://download.openeclass.org/files/docs/1.7/CHANGES.txt https://www.exploit-db.com/exploits/48163 https://www.openeclass.org/https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-information-disclosure