2 matches found
AROX School ERP PHP Script SQL Injection
Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
CVE-2017-15978
CVE-2017-15978 affects AROX School ERP PHP Script 1.0. The vulnerability is an SQL injection via the GET parameter id in office_admin/ (as shown in multiple sources, including Exploit-DB and CVE records). PoCs indicate time-based blind payloads (e.g., id parameter manipulation with AND SLEEP) to ...