CVE-2022-32119

Published: Jul 15, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.

Affected (1)

Products: Arox: School Erp Pro

Arox

1 product

School Erp Pro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Arox School Erp Pro	Version 1.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://arox.com

Source: cve@mitre.org

Not Applicable

http://school.com

Source: cve@mitre.org

Not Applicable

https://github.com/JC175/CVE-2022-32119

Source: cve@mitre.org

ExploitThird Party Advisory

http://arox.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://school.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/JC175/CVE-2022-32119

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.