CVE-2020-37116

Summary

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.

Affected Software

VendorProductVersion RangeStatus
OpeneclassGUnet OpenEclass1.7.3 (2007)affected

Weaknesses

  • CWE-284: Improper Access Control (phpMyAdmin Remote Access)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References