Vulnerabilities > Arox

DATE CVE VULNERABILITY TITLE RISK
2020-01-31 CVE-2020-8505 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
network
arox CWE-352
4.3
2020-01-31 CVE-2020-8504 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
network
arox CWE-352
4.3
2019-07-04 CVE-2019-13294 Improper Authentication vulnerability in Arox School-Erp
AROX School-ERP Pro has a command execution vulnerability.
network
low complexity
arox CWE-287
critical
10.0
2017-10-31 CVE-2017-15978 SQL Injection vulnerability in Arox School ERP PHP Script 1.0
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
network
low complexity
arox CWE-89
7.5