CNNVD-202602-226 Information
CNNVD ID
CNNVD-202602-226
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Arox School ERP Pro是Arox公司的一个一站式自动化管理平台。 Arox School ERP Pro 1.0版本存在代码问题漏洞,该漏洞源于消息附件功能存在文件上传漏洞,可能导致学生上传任意PHP文件到消息系统,从而在服务器上执行远程代码。
Description (English)
Arox School ERP Pro is a one-stop automated management platform for Arox. There is a code gap in version Abox School ERP Pro 1.0, which stems from a file upload gap in the message attachment function, which may lead students to upload any PHP file to the message system, thus implementing remote code on the server.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
Arox
Published
2026-02-03
Last Modified
2026-02-24
References
https://sourceforge.net/projects/school-erp-ultimate/ https://web.archive.org/web/20190612111732/ http://arox.in/ https://web.archive.org/web/20200129123503/ https://www.exploit-db.com/exploits/48392 https://www.vulncheck.com/advisories/school-erp-pro-remote-code-execution
Share on: