Arox Solution
Products (2)
- 4 CVEs
- 1 CVE
Recent CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15978 | | Cri | 0.67 | 9.8 | 0.03 | | Oct 31, 2017 | AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. |
| CVE-2020-37090 | | | 0.00 | — | 0.01 | | Feb 3, 2026 | School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server. |
| CVE-2024-4824 | | | 0.00 | — | 0.01 | | May 13, 2024 | Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL… |
| CVE-2024-4823 | | | 0.00 | — | 0.00 | | May 13, 2024 | Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an… |
| CVE-2024-4822 | | | 0.00 | — | 0.00 | | May 13, 2024 | Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session. |