VYPR

School ERP Pro+responsive

by Arox Solution

CVEs (4)

  • CVE-2020-37090Feb 3, 2026
    risk 0.00cvss epss 0.01

    School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.

  • CVE-2024-4824May 13, 2024
    risk 0.00cvss epss 0.01

    Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL…

  • CVE-2024-4823May 13, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an…

  • CVE-2024-4822May 13, 2024
    risk 0.00cvss epss 0.00

    Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session.