ГлавнаяУязвимости → CVE-2020-37089
8.2высокая

CVE-2020-37089

Описание

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.

Затрагиваемое ПО
Arox School erp pro
CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Источники
https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/https://web.archive.org/web/20200129123503/http://arox.in/https://www.exploit-db.com/exploits/48390https://www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injection