CVE-2020-37084

Sažetak

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.

Reference

https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/
https://web.archive.org/web/20200129123503/http://arox.in/
https://www.exploit-db.com/exploits/48392
https://www.vulncheck.com/advisories/school-erp-pro-admin-profile-photo-upload-remote-code-execution-vulnerability

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

03-02-2026 - 23:16

Objavljeno

03-02-2026 - 23:16