CVE-2020-37113
File Upload Bypass in GUnet OpenEclass 1.7.3 Enables RCE
Publication date: 2026-02-03
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gunet | open_eclass_platform | 1.7.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37113 is a vulnerability in GUnet OpenEclass version 1.7.3 and earlier, an e-learning platform. It allows authenticated users to bypass file extension restrictions when uploading files.

By renaming a PHP file to an extension such as ".php3" or ".PhP", an attacker can upload a malicious web shell. The bypass occurs because the platform fails to properly check or neutralize special elements in file names or extensions in the exercise submission feature.

As a result, the attacker can execute arbitrary code on the server (remote code execution). [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote code execution on the server hosting the GUnet OpenEclass platform.
An attacker exploiting this flaw can run arbitrary code, potentially leading to full system compromise, data theft, data manipulation, or disruption of service.
Because the vulnerability requires only low privileges and no user interaction, it is relatively easy for an authenticated attacker to exploit.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting this vulnerability involves identifying whether files with suspicious PHP-related extensions such as .php3 or .PhP have been uploaded to the server, especially within the exercise submission feature of GUnet OpenEclass 1.7.3.

You can use commands to search for such files on the server. For example, on a Linux system, you might run:

```sh
find /path/to/openeclass/uploads -type f \( -iname "*.php3" -o -iname "*.PhP" \)
```

Additionally, monitoring web server logs for unusual requests or execution of files with these extensions can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling file uploads for authenticated users until a patch is applied.
You should also implement stricter server-side validation to enforce allowed file extensions and reject files with extensions like .php3 or .PhP.
Additionally, review and remove any suspicious files with these extensions from the upload directories.
Applying any available security patches or updates from the vendor as soon as possible is critical to fully resolve the issue.
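The following Python is an added example, not code from OpenEclass or from this record. It serves both the detection answer and the mitigation answer above: it contrasts the kind of case-sensitive, single-suffix denylist that renaming to .php3 or .PhP defeats with an allowlist check that compares extensions case-insensitively and inspects every dotted segment (so double extensions such as shell.php.jpg are also rejected), and it generalizes the find command to every extension a PHP handler typically maps and to double extensions. The handler-extension set, the allowlist and the upload path are assumptions to tune to your web server configuration and to the file types the feature actually needs.

```python
"""Upload-extension checks for a PHP web application.

Added example (not OpenEclass code): a weak denylist of the kind that the
.php3 / .PhP renaming bypass defeats, a hardened allowlist check, and a
scanner for files already sitting in an upload tree.
"""
import os

# Extensions that PHP-enabled web servers commonly hand to the interpreter.
# Assumed, typical set; align it with the handlers your httpd actually maps.
PHP_HANDLER_EXTS = frozenset(
    {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
)

# Allowlist for an exercise-submission feature. Assumption: these are the
# document types the feature needs; anything else is refused.
ALLOWED_EXTS = frozenset(
    {"pdf", "txt", "doc", "docx", "odt", "zip", "png", "jpg", "jpeg"}
)


def weak_check(filename: str) -> bool:
    """Case-sensitive, single-suffix denylist (CWE-434 pattern).

    Returns True when the upload would be accepted. 'shell.php3' and
    'shell.PhP' both pass because neither ends in the literal '.php'.
    """
    return not filename.endswith(".php")


def extension_segments(filename: str) -> list:
    """All dotted segments after the base name, lower-cased.

    'a.PhP.jpg' -> ['php', 'jpg']; 'README' -> []; '.htaccess' -> ['htaccess'].
    """
    parts = os.path.basename(filename).split(".")
    return [p.lower() for p in parts[1:]]


def is_allowed_upload(filename: str) -> bool:
    """Hardened server-side check; returns True only for a safe name.

    Rules: no path separators or NULs, the final extension must be on the
    allowlist (case-insensitive), and no segment may be a PHP handler
    extension, which blocks double-extension names like 'x.php.jpg'.
    Names with no extension (or a dotfile such as .htaccess) are refused.
    """
    if not filename or any(c in filename for c in "/\\\x00"):
        return False
    segs = extension_segments(filename)
    if not segs or segs[-1] not in ALLOWED_EXTS:
        return False
    return not any(s in PHP_HANDLER_EXTS for s in segs)


def suspicious_name(filename: str) -> bool:
    """True if any extension segment maps to the PHP interpreter."""
    return any(s in PHP_HANDLER_EXTS for s in extension_segments(filename))


def find_suspicious(names) -> list:
    """Filter an iterable of file names down to the suspicious ones, sorted."""
    return sorted(n for n in names if suspicious_name(n))


def scan_upload_dir(root: str) -> list:
    """Walk an upload tree and return root-relative paths that would execute
    as PHP; the same idea as the find -iname command, but covering every
    handler extension and double extensions."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in find_suspicious(files):
            hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names, including the two bypass spellings from the
    # advisory text plus a double-extension and a dotfile.
    samples = ["essay.pdf", "shell.php", "shell.php3", "shell.PhP",
               "shell.php.jpg", ".htaccess"]
    for name in samples:
        print(f"{name:14} weak_accepts={weak_check(name)!s:5} "
              f"hardened_accepts={is_allowed_upload(name)}")
    print("flagged:", find_suspicious(samples))
```

Two notes on the find command in the detection answer: -iname already matches case-insensitively, so its second pattern "*.PhP" also picks up plain .php files, and the scanner above is the place to extend the list if your server maps further extensions (such as .phtml) to PHP. The allowlist check should run on the server regardless of any client-side filtering, and the scan is a clean-up aid, not a substitute for the vendor patch.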
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in GUnet OpenEclass 1.7.3 allows remote code execution by bypassing file extension restrictions, which can lead to unauthorized access and control over the server.
Such unauthorized access and potential data breaches could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity and confidentiality.
However, the provided information does not explicitly describe the direct effects on compliance with these standards.