CVE-2020-37088

HIGH

School ERP Pro 1.0 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37088. PoC published by Besim.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file read vulnerability in School ERP Pro 1.0 via the 'download.php' script, which does not sanitize user input in the 'document' parameter. The PoC shows how to read sensitive files like 'constants.inc.php' containing database credentials.

Description

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
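As an added defender-side example (not code from EIP, Exploit-DB or the School ERP Pro project), the following Python scans web-server access-log lines for requests to download.php whose 'document' parameter resolves outside the download directory, the CWE-22 pattern this record describes. The log format, timestamps and IP addresses are constructed assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic), Apache-style.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Feb/2026:10:00:01 +0000] "GET /download.php?document=report.pdf HTTP/1.1" 200 512
203.0.113.7 - - [16/Feb/2026:10:00:02 +0000] "GET /download.php?document=../../constants.inc.php HTTP/1.1" 200 2048
203.0.113.7 - - [16/Feb/2026:10:00:03 +0000] "GET /download.php?document=..%2F..%2Fconstants.inc.php HTTP/1.1" 200 2048
203.0.113.9 - - [16/Feb/2026:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(value: str) -> bool:
    """True if a 'document' value escapes the download directory after decoding and normalisation."""
    decoded = unquote(unquote(value))      # also catches double URL encoding
    decoded = decoded.replace("\\", "/")   # treat backslashes as separators
    if decoded.startswith("/"):            # absolute path: never a valid document name
        return True
    norm = normpath(decoded)               # collapses "a/../../x" to "../x"
    return norm == ".." or norm.startswith("../")


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per download.php request whose document parameter is a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/download.php"):
            continue
        for doc in parse_qs(parts.query, keep_blank_values=True).get("document", []):
            if is_traversal(doc):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "document": unquote(unquote(doc)), "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A status of 200 on a flagged request is the signal worth escalating, since it indicates the server actually served the file rather than rejecting the path.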

Exploits (1)

exploitdb · WORKING POC
by Besim · text · webapps · php
https://www.exploit-db.com/exploits/48394

Classification
Working PoC: 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: School ERP Pro 1.0
Authentication: No auth needed
Prerequisites: Access to the vulnerable endpoint · Knowledge of file paths
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0256
EPSS Percentile: 83.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): arox/school_erp_pro 1.0
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026