CVE-2026-24774
📋 TL;DR
This CVE describes a business logic (authorization) vulnerability in Open eClass (formerly GUnet eClass): an authenticated student can mark themselves as present in an attendance activity, including one that has already expired, simply by requesting a crafted URL. The server does not check that the student is entitled to record that attendance. All Open eClass installations before version 4.2 are affected, and the result is that students can falsify attendance records without the instructor's involvement.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
The database record behind this page carries no machine-readable version range, so automated vulnerability detection cannot decide from a version string alone whether your system is affected.
Why? The CVE database entry lists no affected version ranges (none were provided by the vendor/NVD in a structured form). The vendor advisory linked below does state the fix version (4.2), so use that together with the manual checks here.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Students could systematically falsify attendance records for entire courses, compromising academic integrity and potentially affecting grading or certification that relies on attendance data.
Likely Case
Individual students occasionally marking themselves present for classes they missed, particularly for expired activities where normal attendance marking is disabled.
If Mitigated
Minimal impact with proper access controls and monitoring, though the vulnerability still exists in unpatched systems.
🎯 Exploit Status
Exploitation requires authenticated student access and knowledge of the crafted URL pattern.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-rv2x-4rc8-93jh
Restart Required: Yes
Instructions:
1. Back up your current Open eClass installation and database.
2. Download Open eClass version 4.2 or later from the official repository.
3. Follow the upgrade instructions in the Open eClass documentation.
4. Restart the web server and any related services.
5. Verify that the upgrade succeeded (see "How to Verify" below).
🔧 Temporary Workarounds
Restrict URL Access
Implement web application firewall rules or URL filtering to block access to the attendance-marking endpoints for student sessions. Note that a WAF normally cannot see the user's role, so in practice this means blocking the endpoints outright, which also disables legitimate self-marking for activities that are still open; treat it as a stop-gap until you can upgrade.
Enhanced Logging
Enable detailed logging for attendance-related actions (user, activity, timestamp, and whether the activity had already expired) and monitor for the patterns listed under "Detection & Monitoring".
🧯 If You Can't Patch
- Implement strict access controls to limit student access to attendance functionality.
- Regularly audit attendance records for anomalies and implement manual verification processes.
🔍 How to Verify
Check if Vulnerable:
Check your Open eClass version; if it is earlier than 4.2, you are vulnerable. To confirm, use a test student account in a test course and attempt to mark attendance via a crafted URL for an activity that has already expired; a successful mark confirms the flaw.
Check Version:
Check the version in the Open eClass admin panel or review the installation files for version indicators.
Verify Fix Applied:
After upgrading to version 4.2 or later, verify that students can no longer mark attendance via crafted URLs, especially for expired activities.
📡 Detection & Monitoring
Log Indicators:
- Unusual attendance marking patterns, especially for expired activities
- Multiple attendance marks from the same student in quick succession
- Attendance marks occurring outside of normal class hours
Network Indicators:
- HTTP requests to attendance-marking endpoints from student sessions whose parameters reference activities the student should not be able to mark (for example, ones that have already expired)
- Unusual spikes in requests to attendance-related URLs
SIEM Query:
source="web_server_logs" AND (url CONTAINS "/attendance/mark" OR url CONTAINS "/attendance/update") AND user_role="student" AND response_code=200
The endpoint paths above are placeholders; replace them with the actual attendance routes of your installation. Web server logs normally carry no role field, so user_role must be joined in from the application's session or user data (or the query restricted to known student accounts).
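As an added example (not part of the advisory or of the Open eClass project), the following Python script applies the log indicators above to web server access logs: it flags bursts of successful attendance marks from one student and marks recorded outside class hours. The endpoint paths, the authenticated-username field in the log format, the class-hours window and the sample log lines are all assumptions constructed for this illustration; adapt them to the routes and log format of your installation.

```python
"""Flag suspicious attendance-marking requests in web server access logs."""
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Common Log Format with the authenticated username in the
# third field, and the attendance endpoints live at these placeholder paths.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
ATTENDANCE_PATHS = ("/attendance/mark", "/attendance/update")  # placeholders
BURST_COUNT = 3          # this many successful marks ...
BURST_WINDOW_SEC = 60    # ... within this many seconds is a burst
CLASS_HOURS = range(8, 20)  # 08:00-19:59 in the log's timezone is "normal"

# Constructed sample log: one bursting student, one off-hours mark,
# one normal mark, and one denied (403) attempt that should be ignored.
SAMPLE_LOG = """\
10.0.0.5 - student42 [11/Mar/2026:09:05:01 +0000] "GET /attendance/mark?activity=17 HTTP/1.1" 200 512
10.0.0.5 - student42 [11/Mar/2026:09:05:03 +0000] "GET /attendance/mark?activity=18 HTTP/1.1" 200 512
10.0.0.5 - student42 [11/Mar/2026:09:05:04 +0000] "GET /attendance/mark?activity=19 HTTP/1.1" 200 512
10.0.0.9 - student07 [11/Mar/2026:23:41:17 +0000] "GET /attendance/mark?activity=12 HTTP/1.1" 200 512
10.0.0.12 - student15 [11/Mar/2026:10:15:00 +0000] "GET /attendance/mark?activity=12 HTTP/1.1" 200 512
10.0.0.12 - student15 [11/Mar/2026:10:16:00 +0000] "GET /courses/view HTTP/1.1" 200 2048
10.0.0.20 - student31 [11/Mar/2026:14:00:00 +0000] "GET /attendance/mark?activity=12 HTTP/1.1" 403 128
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_attendance_mark(rec):
    """True for a successful (HTTP 200) hit on an attendance-marking endpoint."""
    path = rec["path"].split("?", 1)[0]  # drop the query string before comparing
    return rec["status"] == 200 and path in ATTENDANCE_PATHS


def detect(log_text):
    """Return a list of alert dicts for off-hours marks and per-user bursts."""
    marks = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_attendance_mark(rec):
            continue
        marks[rec["user"]].append(rec["ts"])
        if rec["ts"].hour not in CLASS_HOURS:
            alerts.append({"kind": "off_hours", "user": rec["user"],
                           "path": rec["path"], "ts": rec["ts"].isoformat()})
    # Sliding window over each user's sorted mark times: one alert per user.
    for user, times in marks.items():
        times.sort()
        for i in range(len(times) - BURST_COUNT + 1):
            span = (times[i + BURST_COUNT - 1] - times[i]).total_seconds()
            if span <= BURST_WINDOW_SEC:
                alerts.append({"kind": "burst", "user": user, "count": BURST_COUNT,
                               "window_sec": BURST_WINDOW_SEC,
                               "first": times[i].isoformat()})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two rules deliberately look only at successful requests: a 403 on the marking endpoint is the patched behaviour (or a WAF block) and is not an indicator on its own. Pair the output with the application's own attendance table to confirm which flagged marks landed on expired activities.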