CVE-2024-26503

EUVD-2024-23768
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
openeclassopeneclass
𝑥
≤ 3.15
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gunetopen_eclass_platform
3.15
ADP
Common Weakness Enumeration
References
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html