Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026
School ERP Pro 1.0 - Remote Code Execution
CVE-2020-37090
Description
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.0
- Arox/School ERP Prov5Range: 1.0
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/48392mitreexploit
- www.vulncheck.com/advisories/school-erp-pro-remote-code-executionmitrethird-party-advisory
- web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/mitreproduct
- web.archive.org/web/20200129123503/http://arox.in/mitreproduct
News mentions
0No linked articles in our index yet.