Vulnerability Details CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.343
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-13294
-
cpe:2.3:a:arox:school-erp:-