exploitDog

CVE-2020-37088

Опубликовано: 03 фев. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

Ссылки

https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/
Product
https://web.archive.org/web/20200129123503/http://arox.in/
Product
https://www.exploit-db.com/exploits/48394
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-read
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arox:school_erp_pro:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02564

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-h3gp-whxh-7hq8

CVSS3: 7.5

github

5 месяцев назад

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

EPSS

Процентиль: 83%

0.02564

Низкий

7.5 High

CVSS3

Дефекты

CWE-22