CVE-2020-37088
HIGH
School ERP Pro 1.0 - Info Disclosure
Title source: llm
Description
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
Exploits (1)
References (4)
Scores
CVSS v3
7.5
EPSS
0.0536
EPSS Percentile
89.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-22
Status
published
Affected Products (1)
arox/school_erp_pro
Timeline
Published
Feb 03, 2026
Tracked Since
Feb 18, 2026