Unrated severity · NVD Advisory · Published Feb 3, 2026 · Updated Mar 5, 2026
School ERP Pro 1.0 - 'es_messagesid' SQL Injection
CVE-2020-37089
Description
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.
Affected products
- Arox/School ERP Pro · v5 · Range: 1.0
References
- www.exploit-db.com/exploits/48390 (mitre, exploit)
- www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injection (mitre, third-party-advisory)
- web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/ (mitre, product)
- web.archive.org/web/20200129123503/http://arox.in/ (mitre, product)