CVE-2020-37112 HIGH

CVE-2020-37112: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

Vendor Openeclass

Product GUnet OpenEclass

Weakness CWE-89 · SQLi

Published February 3, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

Key dates

02Disclosure timeline

February 3, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37112 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2020-37112: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE