Lucene search
K

49 matches found

NVD
NVD
added 2026/02/03 10:16 p.m.8 views

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

9.8CVSS0.00773EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 10:16 p.m.5 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

9.8CVSS5.8AI score0.00335EPSS
Exploits1References4
NVD
NVD
added 2026/02/03 10:16 p.m.7 views

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

8.7CVSS0.02564EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 10:16 p.m.5 views

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

7.5CVSS5.9AI score0.02564EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:9 p.m.5 views

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

8.6CVSS6.9AI score0.00814EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37089 School ERP Pro 1.0 - 'es_messagesid' SQL Injection

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

8.2CVSS5.7AI score0.00335EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

8.2CVSS5.7AI score0.00335EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.27 views

CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

9.8CVSS0.00773EPSS
Exploits1References4
CVE
CVE
added 2026/02/03 10:1 p.m.12 views

CVE-2020-37089

CVE-2020-37089 concerns School ERP Pro 1.0 with a SQL injection in the es_messagesid parameter. The vulnerability can be exploited by sending crafted SQL via GET requests , potentially allowing attackers to extract, modify, or delete data . Root cause: improper handling of user-controlled input i...

9.8CVSS5.7AI score0.00335EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

9.8CVSS6.5AI score0.00773EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

8.7CVSS5.5AI score0.02564EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5834

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro version 1.0 has a flaw that permits authenticated administrators to upload arbitrary PHP files as profile pictures, circumventing file extension validation. This is due to inadequate file...

8.6CVSS6AI score0.00814EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5840

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro 1.0 has a file upload issue that permits students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts via the message attachment feature, leadi...

9.8CVSS6.5AI score0.00773EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Arox School ERP Pro SQL注入漏洞

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of School ERP Pro has a SQL injection vulnerability. This vulnerability stems from the esmessagesid parameter, which allows attackers to inject custom SQL statements through GET requests. As ...

9.8CVSS5.8AI score0.00335EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5839

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro version 1.0 contains a SQL injection issue in the es messagesid parameter. Attackers can manipulate database queries through GET requests by injecting crafted SQL statements. This could all...

9.8CVSS5.6AI score0.00335EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44413

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:11 p.m.7 views

CVE-2022-32119

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1financemaster.inc.php...

8.8CVSS7.7AI score0.01994EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.6 views

CVE-2019-13294

AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...

10CVSS7.5AI score0.18753EPSS
Exploits1References1
NVD
NVD
added 2024/05/14 3:45 p.m.20 views

CVE-2024-4824

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

9.8CVSS9.6AI score0.00737EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 3:45 p.m.14 views

CVE-2024-4823

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...

6.5CVSS6AI score0.00471EPSS
Exploits0References1
Rows per page
Query Builder