Arox School ERP Pro 代码问题漏洞

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of Arox School ERP Pro has code-related vulnerabilities. These vulnerabilities stem from a file upload vulnerability in the message attachment function, which allows students to upload any PH...

Arox School ERP Pro SQL注入漏洞

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of School ERP Pro has a SQL injection vulnerability. This vulnerability stems from the esmessagesid parameter, which allows attackers to inject custom SQL statements through GET requests. As ...

Arox School ERP Pro 代码问题漏洞

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of Arox School ERP Pro has a code vulnerability. This vulnerability stems from improper file validation in the pre-editstudent.inc.php file. It allows authenticated administrator users to...

EUVD-2017-7394

Malware in sbrugna...

EUVD-2022-53367

Malicious code in bioql PyPI...

CVE-2022-32119

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1financemaster.inc.php...

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

CVE-2019-13294

AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...

CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...

CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

CVE-2022-32119

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1financemaster.inc.php...

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

Cross site scripting

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

CVE-2022-32118

The CVE-2022-32118 entry concerns Arox School ERP Pro v1.0, where a cross-site scripting (XSS) vulnerability exists in the backoffice.inc.php file, exploitable via the dispatchcategory parameter. The issue is triggered by unsanitized input passed to dispatchcategory, enabling potentially crafted ...

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...