CVE-2020-37084

HIGH

School ERP Pro 1.0 - Authenticated Remote Code Execution via Profile Photo Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37084. PoCs published by Besim.

AI-analyzed exploit summary: The exploit demonstrates a file upload vulnerability in School ERP Pro 1.0, allowing remote code execution by uploading a malicious PHP file via the student message attachment feature. The vulnerable code fails to validate file extensions, enabling attackers to bypass restrictions and execute arbitrary PHP code.

Description

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.

Exploits (1)

Exploit-DB · WORKING POC
by Besim · text · webapps · php
https://www.exploit-db.com/exploits/48392


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: School ERP Pro 1.0
Auth required: yes
Prerequisites: Student account credentials · Access to the message attachment feature
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 7.2
EPSS: 0.0081
EPSS Percentile: 52.2%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published
Products (1): arox/school_erp_pro 1.0
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026