216.73.217.86

CVE-2020-37084

· Published 03/02/2026 23:16 · Modified 04/02/2026 16:33

Labels: CVE-2020-37084 2026-02-03CVE-2020-37084CWE-434[email protected]

Essential information

Published
03/02/2026 23:16
Modified
04/02/2026 16:33
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
school erp / school erp pro cpe:2.3:a:school_erp:school_erp_pro:1.0:*:*:*:*:*:*:*

References