Vulnerabilities > Arox

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-15	CVE-2022-32118	Cross-site Scripting vulnerability in Arox School ERP PRO 1.0 Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php. network low complexity arox CWE-79	6.1
2022-07-15	CVE-2022-32119	Unrestricted Upload of File with Dangerous Type vulnerability in Arox School ERP PRO 1.0 Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. network low complexity arox CWE-434	8.8
2020-01-31	CVE-2020-8505	Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. network low complexity arox CWE-352	6.5
2020-01-31	CVE-2020-8504	Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. network low complexity arox CWE-352	6.5
2019-07-04	CVE-2019-13294	Unrestricted Upload of File with Dangerous Type vulnerability in Arox School-Erp AROX School-ERP Pro has a command execution vulnerability. network low complexity arox CWE-434 critical	9.8
2017-10-31	CVE-2017-15978	SQL Injection vulnerability in Arox School ERP PHP Script 1.0 AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. network low complexity arox CWE-89 critical	9.8

Vulnerabilities > Arox {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Arox"}]}

Vulnerabilities > Arox