Security Advisory

CVE-2020-37113

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 16:52:45

Last updated 2026-02-06 19:30:43

Assigner VulnCheck

State PUBLISHED

Description

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

← Browse all CVEs View on cve.org ↗