CNNVD-202602-224 Information

CNNVD ID

CNNVD-202602-224

CVE-2020-37089

  • CNNVD Published: 2026-02-03

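Description (translated from Chinese)

Arox School ERP Pro is an all-in-one automated management platform from Arox. School ERP Pro version 1.0 contains a SQL injection vulnerability. The flaw lies in the es_messagesid parameter: an attacker can inject crafted SQL statements through a GET request, which may allow database information to be extracted, modified, or deleted.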

Description (English)

Arox School ERP Pro is a one-stop automated management platform from Arox. The SQL injection vulnerability in School ERP Pro version 1.0 stems from the es_messagesid parameter, where an attacker can inject a specially crafted SQL statement through a GET request, which could lead to the extraction, modification or deletion of database information.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

Arox

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://sourceforge.net/projects/school-erp-ultimate/
  • https://web.archive.org/web/20190612111732/
  • http://arox.in/
  • https://web.archive.org/web/20200129123503/
  • https://www.exploit-db.com/exploits/48390
  • https://www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injection
