PT-2026-5839 · Unknown · School Erp Pro

Besim Altinok · Published 2026-02-03 · Updated 2026-02-10 · CVE-2020-37089

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
School ERP Pro version 1.0

Description
School ERP Pro version 1.0 contains a SQL injection issue in the es messagesid parameter. Attackers can manipulate database queries through GET requests by injecting crafted SQL statements. This could allow attackers to extract, modify, or delete database information. The vulnerable parameter is accessible via GET requests.

Recommendations
Apply a fix for School ERP Pro version 1.0 to address the SQL injection issue in the es messagesid parameter.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2020-37089

Affected Products: School Erp Pro