Vulnerability Details CVE-2020-37084
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2020-37084
- cpe:2.3:a:arox:school_erp_pro:1.0