Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Arox Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32119 1 Arox 1 School Erp Pro 2024-11-21 N/A 8.8 HIGH
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
CVE-2022-32118 1 Arox 1 School Erp Pro 2024-11-21 N/A 6.1 MEDIUM
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
CVE-2020-8505 1 Arox 1 School Management Software Php\/mysql 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
CVE-2020-8504 1 Arox 1 School Management Software Php\/mysql 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
CVE-2019-13294 1 Arox 1 School-erp 2024-11-21 10.0 HIGH 9.8 CRITICAL
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
CVE-2017-15978 1 Arox 1 School Erp Php Script 2024-11-21 7.5 HIGH 9.8 CRITICAL
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024