← Back

School Erp Pro

school_erp_pro

Vendor: Arox • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-37084
1Arox
1School Erp Pro
Feb 10, 2026
Feb 3, 2026
8.6 HIGH· v4
7.2 HIGH· v3
N/A· v2
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper f...Show more
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.Show less
CVE-2020-37090
1Arox
1School Erp Pro
Feb 10, 2026
Feb 3, 2026
8.7 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabl...Show more
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.Show less
CVE-2020-37089
1Arox
1School Erp Pro
Feb 10, 2026
Feb 3, 2026
7.1 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by inje...Show more
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.Show less
CVE-2020-37088
1Arox
1School Erp Pro
Feb 10, 2026
Feb 3, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configura...Show more
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.Show less
CVE-2022-32119
1Arox
1School Erp Pro
Nov 21, 2024
Jul 15, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
CVE-2022-32118
1Arox
1School Erp Pro
Nov 21, 2024
Jul 15, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.