72 matches found
CVE-2026-4834
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
WordPress WP ERP Pro plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by kudasav in WordPress Plugin WP ERP Pro versions = 1.5.1...
CVE-2026-4834
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-4834
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
WordPress plugin WP ERP Pro SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2020-37090
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...
CVE-2020-37089
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...
CVE-2020-37088
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
CVE-2020-37088
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...
CVE-2020-37089 School ERP Pro 1.0 - 'es_messagesid' SQL Injection
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...
CVE-2020-37089
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...
CVE-2020-37089
CVE-2020-37089 concerns School ERP Pro 1.0 with a SQL injection in the es_messagesid parameter. The vulnerability can be exploited by sending crafted SQL via GET requests , potentially allowing attackers to extract, modify, or delete data . Root cause: improper handling of user-controlled input i...
CVE-2020-37090
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...
CVE-2020-37088
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
PT-2026-5834
Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro version 1.0 has a flaw that permits authenticated administrators to upload arbitrary PHP files as profile pictures, circumventing file extension validation. This is due to inadequate file...
Arox School ERP Pro SQL注入漏洞
Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of School ERP Pro has a SQL injection vulnerability. This vulnerability stems from the esmessagesid parameter, which allows attackers to inject custom SQL statements through GET requests. As ...