CVE-2020-37113

← CVEs

HIGH 8.8

Published

2026-02-03

Last Modified

2026-02-12

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Affected Applications in Environment 4

1 device

1 device

2 devices

1 device

Affected Devices 5

DPEXAN-5CD017CV Windows DPHSNG-34Y86X3 Windows DPMATH-C11312G9 Windows FL217-2-ADOTTER Windows MICHELLEUSUHP Windows

References 4

https://download.openeclass.org/files/docs/1.7/CHANGES.txt
https://www.exploit-db.com/exploits/48163
https://www.openeclass.org/
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-file-upload-extension-bypass