CNNVD-202602-222 Information

CNNVD ID

CNNVD-202602-222

CVE-2020-37088

  • CNNVD Published: 2026-02-03

Description (Chinese)

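Arox School ERP Pro is a one-stop automated management platform from Arox. Arox School ERP Pro version 1.0 has a path traversal vulnerability. It stems from a file disclosure flaw in the document parameter of download.php: an attacker can access sensitive configuration files by supplying a directory traversal path, which may lead to system credentials and configuration information being retrieved.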

Description (English)

Arox School ERP Pro is a one-stop automated management platform from Arox. Version 1.0 of Arox School ERP Pro contains a path traversal vulnerability, which stems from a file disclosure flaw in the document parameter of download.php. An attacker can access sensitive configuration files by supplying a directory traversal path, which may lead to the retrieval of the system's credentials and configuration information.

Hazard Level

Medium

Vulnerability Type

Path Traversal

Affected Vendor

Arox

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://sourceforge.net/projects/school-erp-ultimate/
  • https://web.archive.org/web/20190612111732/
  • http://arox.in/
  • https://web.archive.org/web/20200129123503/
  • https://www.exploit-db.com/exploits/48394
  • https://www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-read
