CNNVD-202602-206 Information

CNNVD ID

CNNVD-202602-206

CVE-2020-37084

  • CNNVD Published: 2026-02-03

Description

Arox School ERP Pro is an all-in-one automated management platform from Arox. Arox School ERP Pro version 1.0 has a code issue vulnerability caused by improper file validation in pre-editstudent.inc.php, which may allow an authenticated administrator user to upload an arbitrary PHP file as a profile photo and thereby execute arbitrary code on the server.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Arox

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://sourceforge.net/projects/school-erp-ultimate/
  • https://web.archive.org/web/20190612111732/
  • http://arox.in/
  • https://web.archive.org/web/20200129123503/
  • https://www.exploit-db.com/exploits/48392
  • https://www.vulncheck.com/advisories/school-erp-pro-admin-profile-photo-upload-remote-code-execution-vulnerability