Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026
School ERP Pro 1.0 - Arbitrary File Read
CVE-2020-37088
Description
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- Arox/School ERP Prov5Range: 1.0
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/48394mitreexploit
- www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-readmitrethird-party-advisory
- web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/mitreproduct
- web.archive.org/web/20200129123503/http://arox.in/mitreproduct
News mentions
0No linked articles in our index yet.