CVE-2020-37090

High CVSS: 8.7

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.

Vendor

Arox

Product

School Erp Pro

CWE

CWE-434

Yayın Tarihi

2026-02-03 22:16:25

Güncelleme

2026-02-10 17:00:29

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 School Erp Pro HIGH Arox 2026

Referanslar

https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/ https://web.archive.org/web/20200129123503/http://arox.in/ https://www.exploit-db.com/exploits/48392 https://www.vulncheck.com/advisories/school-erp-pro-remote-code-execution

Benzer Kayıtlar

High

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitr…

High

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary file…

High

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to mani…