Every CVE whose affected-product data names Arox School Erp Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-37090 — CVSS 9.8 (critical): School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system…
CVE-2022-32119 — CVSS 8.8 (high): Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at…
CVE-2020-37089 — CVSS 8.2 (high): School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database…
CVE-2020-37088 — CVSS 7.5 (high): School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating…
CVE-2020-37084 — CVSS 7.2 (high): School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as…
CVE-2022-32118 — CVSS 6.1 (medium): Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in…