Vulnerabilities > Arox
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-31 | CVE-2020-8505 | Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | 4.3 |
2020-01-31 | CVE-2020-8504 | Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314 School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | 4.3 |
2019-07-04 | CVE-2019-13294 | Improper Authentication vulnerability in Arox School-Erp AROX School-ERP Pro has a command execution vulnerability. | 10.0 |
2017-10-31 | CVE-2017-15978 | SQL Injection vulnerability in Arox School ERP PHP Script 1.0 AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | 7.5 |