Multiple Arbitrary File Upload Vulnerabilities in Arox School ERP Pro v1.0

Multiple Arbitrary File Upload Vulnerabilities in Arox School ERP Pro v1.0

CVE-2022-32119 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.

Learn more about our Web Application Penetration Testing UK.