CVE-2020-37090
- EPSS 0.78%
- Published 03.02.2026 22:16:25
- Last modified 10.02.2026 17:00:29
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on t...
CVE-2020-37088
- EPSS 4.95%
- Published 03.02.2026 22:16:24
- Last modified 10.02.2026 17:03:53
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying direct...
CVE-2020-37089
- EPSS 0.03%
- Published 03.02.2026 22:16:24
- Last modified 10.02.2026 17:02:57
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements t...
CVE-2020-37084
- EPSS 0.3%
- Published 03.02.2026 22:09:46
- Last modified 10.02.2026 16:59:24
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstud...
CVE-2024-4824
- EPSS 1.29%
- Published 14.05.2024 15:45:15
- Last modified 23.10.2025 12:27:05
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to ...
CVE-2024-4823
- EPSS 0.27%
- Published 14.05.2024 15:45:14
- Last modified 23.10.2025 12:27:00
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted Jav...
CVE-2024-4822
- EPSS 0.13%
- Published 14.05.2024 15:45:13
- Last modified 23.10.2025 12:26:55
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session.
CVE-2022-32119
- EPSS 12.28%
- Published 15.07.2022 12:15:09
- Last modified 21.11.2024 07:05:47
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
CVE-2022-32118
- EPSS 4.99%
- Published 15.07.2022 12:15:08
- Last modified 21.11.2024 07:05:47
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.