PT-2022-3964 · Arox · Arox School Erp Pro

Published 2022-05-31 · Updated 2022-07-22 · CVE-2022-32119

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Arox School ERP Pro version 1.0

Description: The issue lies in the implementation of the Add Photo and Import Staff functions of the school management system, which allow unrestricted upload of dangerous file types. A remote attacker can exploit this to execute arbitrary code by uploading a specially crafted malicious file. The vulnerability is reachable through the "Add Photo" function in "photogalleries.inc.php" and the "import staff excel" function in "1finance master.inc.php".

Recommendations: For Arox School ERP Pro version 1.0, consider disabling the Add Photo and import staff excel functions until a patch is available. Restrict access to the "photogalleries.inc.php" and "1finance master.inc.php" files to minimize the risk of exploitation, and avoid using these functions until the issue is resolved.
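As an added example that is not part of this advisory or of the Arox code base, the following PHP handler shows the server-side controls a fix for this weakness needs: an allow-list of extensions per feature (photos for Add Photo, spreadsheets for the staff import), content sniffing with finfo instead of trusting the client-reported type, a server-chosen file name, and storage outside the web root. The function name, profile names and storage paths are hypothetical.

```php
<?php
// Added example, not Arox code. Profile and function names are hypothetical.
declare(strict_types=1);

// One profile per upload feature named in the advisory.
const UPLOAD_PROFILES = [
    'photo'        => ['ext' => ['jpg', 'jpeg', 'png'],
                       'mime' => ['image/jpeg', 'image/png']],
    // Older libmagic databases report the OOXML container as application/zip.
    'staff_import' => ['ext' => ['xlsx'],
                       'mime' => ['application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
                                  'application/zip']],
];

/**
 * Validate one $_FILES entry against a profile and move it into $storageDir,
 * which must be outside the document root and never executed by the web server.
 * Returns the stored path; throws on any rejected input.
 */
function storeUpload(array $file, string $profileName, string $storageDir): string
{
    if (!isset(UPLOAD_PROFILES[$profileName])) {
        throw new RuntimeException('unknown upload profile');
    }
    $profile = UPLOAD_PROFILES[$profileName];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    // Extension check on the client name; the stored name below is generated, so
    // tricks such as double extensions never reach the filesystem.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $profile['ext'], true)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type from the bytes; $file['type'] is attacker-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, $profile['mime'], true)) {
        throw new RuntimeException('content type not allowed');
    }
    // For photos, additionally require a decodable image header.
    if ($profileName === 'photo' && getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Random server-chosen name with the validated extension.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

// Usage (hypothetical paths): storeUpload($_FILES['photo'], 'photo', '/var/app/uploads/photos');
```

Files stored this way are served through a download script or image handler that sets the content type itself, never by pointing the browser at the storage directory.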

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2022-04797
CVE-2022-32119

Affected Products

Arox School Erp Pro