VYPR
Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026

School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

CVE-2020-37084

Description

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Arox/School ERP Prov5
    Range: 1.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.