Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arox vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
Arox School-erp -
NA
CVE-2022-32118
Arox School ERP Pro v1.0 exists to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
Arox School Erp Pro 1.0
1 Github repository
NA
CVE-2022-32119
Arox School ERP Pro v1.0 exists to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
Arox School Erp Pro 1.0
1 Github repository
7.5
CVSSv2
CVE-2017-15978
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
Arox School Erp Php Script 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2020-8504
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
Arox School Management Software Php\\/mysql
1 Github repository
4.3
CVSSv2
CVE-2020-8505
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
Arox School Management Software Php\\/mysql
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started