CVE-2026-24673
MEDIUM WAF: Medium
CVSS 5.3
Published: 2026-02-03
CWE-434
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the application’s built-in decompression functionality. This issue has been patched in version 4.2.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gunet | open_eclass_platform | up to 4.2 |
References
- github.com (Exploit, Vendor Advisory)