CVE-2020-37088

HIGH

School ERP Pro 1.0 - Info Disclosure

Title source: llm

Description

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

Exploits (1)

exploitdb WORKING POC

by Besim · textwebappsphp

https://www.exploit-db.com/exploits/48394

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48394

[Product] https://web.archive.org/web/20200129123503/http://arox.in/

[Product] https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/

[Third Party Advisory] https://www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-read

Scores

CVSS v3 7.5

EPSS 0.0219

EPSS Percentile 84.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

arox/school_erp_pro 1.0

Published Feb 03, 2026

Tracked Since Feb 18, 2026