PT-2019-13244 · Arox · Arox School Erp Pro

Akkus

Published

2019-07-04

Updated

2020-08-24

CVE-2019-13294

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AROX School-ERP Pro (affected versions not specified)

Description The issue concerns a command execution vulnerability. Specifically, the import stud.php and upload file.php files lack session control, allowing an unauthenticated user to execute commands on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-287

Related Identifiers

CVE-2019-13294

Affected Products

Arox School Erp Pro

PT-2019-13244 · Arox · Arox School Erp Pro

CVE-2019-13294

Weakness Enumeration

Related Identifiers

Affected Products

References · 4