CVE-2020-37090

School ERP Pro 1.0 - Remote Code Execution

CVSS 8.7 HIGHEPSS 0.8%CWE-434

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

03 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Arox · School ERP Pro

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/https://web.archive.org/web/20200129123503/http://arox.in/https://www.exploit-db.com/exploits/48392 https://www.vulncheck.com/advisories/school-erp-pro-remote-code-execution