Vulnerabilities

CVE-2020-37113

High ⚡ Exploit Available
Weakness Type: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Published: Feb 3, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3: 8.8
📄 Description (English)

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

🤖 AI Executive Summary

CVE-2020-37113 is a critical file upload vulnerability in GUnet OpenEclass 1.7.3 that allows authenticated users to bypass file extension restrictions and upload PHP web shells by using alternate extensions (.php3, .PhP). This enables remote code execution on affected servers. The vulnerability poses significant risk to educational institutions and organizations using this learning management system, particularly given the availability of working exploits.

🤖 AI Intelligence Analysis (analyzed Apr 22, 2026 01:57)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability directly impacts Saudi educational institutions using OpenEclass, including universities under MOHE oversight and private educational platforms. Secondary impact extends to government agencies using this LMS for training programs. The vulnerability enables insider threats and compromised account scenarios to escalate to full server compromise. Risk is elevated in Saudi context due to potential data exposure of student records and institutional research data, which may trigger PDPL (Personal Data Protection Law) compliance violations. Healthcare institutions using similar LMS platforms for training are also at risk.
🏢 Affected Saudi Sectors
- Education (Universities, Colleges, Training Centers)
- Government (Training and Development Programs)
- Healthcare (Medical Training Programs)
- Corporate Training
- Non-Profit Organizations
⚖️ Saudi Risk Score (AI): 8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of GUnet OpenEclass 1.7.3 in your environment using network scanning and asset inventory tools
2. Restrict access to the exercise submission feature to trusted users only
3. Implement Web Application Firewall (WAF) rules to block uploads with extensions: .php, .php3, .php4, .php5, .phtml, .PhP, .pHp, etc.
4. Monitor web server logs for suspicious file uploads and execution attempts

PATCHING:
5. Upgrade immediately to GUnet OpenEclass 1.7.4 or a later version that implements proper file type validation
6. Verify patch deployment across all instances before re-enabling file upload features

COMPENSATING CONTROLS (if immediate patching is not possible):
7. Disable PHP execution in upload directories via web server configuration (.htaccess or nginx config)
8. Implement strict file type validation on both client and server side using MIME type checking and magic bytes verification
9. Store uploaded files outside web root directory
10. Rename uploaded files to remove original extensions

DETECTION:
11. Deploy IDS/IPS signatures to detect .php3, .phtml, .PhP file uploads
12. Monitor for POST requests to exercise submission endpoints with suspicious file extensions
13. Alert on any PHP execution from upload directories
14. Review access logs for authenticated users uploading files with double extensions or case-variation extensions
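As an added example (not OpenEclass code), the following Python shows the server-side half of steps 8 and 10: a case-sensitive denylist of the kind that the .php3 and .PhP renames slip past, beside a validator that lower-cases every extension in the name, allowlists instead of denylisting, checks leading magic bytes, and stores the file under a random extension-free name. The allowlist and the magic-byte table are assumptions for the demo, not the project's own.

```python
import os
import secrets

# Assumed allowlist for the exercise-submission feature (not OpenEclass's own list).
ALLOWED_EXTENSIONS = {"pdf", "txt", "zip", "docx", "png", "jpg"}

# Leading bytes ("magic bytes") for the allowed binary types; constructed for this example.
MAGIC_BYTES = {
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "docx": b"PK\x03\x04",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}


def naive_is_blocked(filename):
    """The kind of case-sensitive denylist that shell.php3 and shell.PhP slip past."""
    return filename.endswith(".php")


def all_extensions(filename):
    """Every extension in the basename, lower-cased: 'x.pdf.PhP' -> ['pdf', 'php']."""
    return [p.lower() for p in os.path.basename(filename).split(".")[1:]]


def validate_upload(filename, data):
    """Return (accepted, reason_or_type). Accept only if EVERY extension is allowlisted
    and the content starts with the signature expected for the final extension."""
    exts = all_extensions(filename)
    if not exts:
        return False, "no extension"
    disallowed = [e for e in exts if e not in ALLOWED_EXTENSIONS]
    if disallowed:  # catches shell.php3, shell.PhP and double extensions like report.pdf.php
        return False, "disallowed extension(s): " + ",".join(disallowed)
    ext = exts[-1]
    signature = MAGIC_BYTES.get(ext)
    if signature is not None and not data.startswith(signature):
        return False, "content does not match ." + ext + " signature"
    return True, ext


def stored_name():
    """Random, extension-free on-disk name (step 10); the validated type lives in
    application metadata, never in the filename the web server sees."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    for name in ("shell.php3", "shell.PhP", "report.pdf.php", "report.pdf"):
        print(name, naive_is_blocked(name), validate_upload(name, b"<?php echo 1; ?>"))
```

Pair this with step 7 (no PHP handler in the upload directory) so a validator bug alone never yields code execution.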
🔧 Remediation Steps (Arabic, translated)
Immediate actions:
1. Identify all copies of GUnet OpenEclass 1.7.3 in your environment using scanning and inventory tools
2. Restrict access to the exercise submission feature to trusted users only
3. Apply web application firewall rules to block uploads with the extensions: .php, .php3, .php4, .php5, .phtml, .PhP, .pHp, and others
4. Monitor web server logs for suspicious uploads and attempts

Patching:
5. Upgrade immediately to GUnet OpenEclass 1.7.4 or a newer version that applies correct file type validation
6. Verify patch deployment across all copies before re-enabling file upload features

Compensating controls (if immediate patching is not possible):
7. Disable PHP execution in upload folders via the web server settings
8. Apply strict file type validation on both the client and server side using MIME type verification
9. Store uploaded files outside the web root
10. Rename uploaded files to remove the original extensions

Detection:
11. Deploy IDS/IPS signatures to detect .php3, .phtml and .PhP uploads
12. Monitor POST requests to exercise submission endpoints with suspicious file extensions
13. Alert on any PHP execution from upload folders
14. Review access logs for authenticated users uploading files with double or case-varied extensions
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- A.14.2.1 - Information security requirements analysis and specification
- A.14.2.5 - Secure development environment
- A.12.2.1 - Monitoring and logging
- A.12.4.1 - Event logging
- A.5.2.1 - User registration and access rights management
🔵 SAMA CSF
- ID.SC-4 - Supply chain processes and practices
- PR.DS-1 - Data security and privacy
- PR.IP-1 - Security policy and processes
- DE.CM-1 - The network is monitored to detect potential cybersecurity events
- RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
- A.6.1.1 - Information security policies
- A.8.1.1 - User endpoint devices
- A.12.4.1 - Event logging
- A.14.2.1 - Secure development policy
- A.14.2.5 - Secure development environment
🟣 PCI DSS v4.0.1
- 6.2 - Ensure all system components and software are protected from known vulnerabilities
- 6.5.8 - Improper access control
- 11.3 - Penetration testing
📦 Affected Products / CPE (1 entry)
gunet:open_eclass_platform:1.7.3
📊 CVSS Score: 8.8 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): N — Network
Attack Complexity (AC): L — Low
Privileges Required (PR): L — Low
User Interaction (UI): N — None
Scope (S): U — Unchanged
Confidentiality (C): H — High
Integrity (I): H — High
Availability (A): H — High
📋 Quick Facts
Severity: High
CVSS Score: 8.8
CWE: CWE-434
EPSS: 0.18%
Exploit: ✓ Yes
Patch: ✓ Yes
Published: 2026-02-03
Source Feed: nvd
Views: 5
🇸🇦 Saudi Risk Score: 8.2 / 10.0 — Priority: CRITICAL
🏷️ Tags
exploit-available CWE-434