CVE-2022-32119

HIGH

Arox School ERP Pro - Unrestricted File Upload

Title source: rule

Description

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.

Exploits (1)

nomisec WORKING POC 17 stars
by JC175 · poc
https://github.com/JC175/CVE-2022-32119

References (3)

Core References
Not Applicable x_refsource_misc
http://school.com
Not Applicable x_refsource_misc
http://arox.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/JC175/CVE-2022-32119

Scores

CVSS v3 8.8
EPSS 0.1228
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
arox/school_erp_pro 1.0
Published Jul 15, 2022
Tracked Since Feb 18, 2026