Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arox vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
Arox School-erp -
6.1
CVSSv3
CVE-2022-32118
Arox School ERP Pro v1.0 exists to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
Arox School Erp Pro 1.0
1 Github repository
8.8
CVSSv3
CVE-2022-32119
Arox School ERP Pro v1.0 exists to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
Arox School Erp Pro 1.0
1 Github repository
9.8
CVSSv3
CVE-2017-15978
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
Arox School Erp Php Script 1.0
1 EDB exploit
6.5
CVSSv3
CVE-2020-8504
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
Arox School Management Software Php\\/mysql
1 Github repository
6.5
CVSSv3
CVE-2020-8505
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
Arox School Management Software Php\\/mysql
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started