CVE-2020-37113 HIGH

CVE-2020-37113: GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

Vendor Openeclass
Product GUnet OpenEclass
Weakness CWE-434 · Unrestricted file upload
Published February 3, 2026
Last update February 6, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 6, 2026 Record updated