Vulnerabilities > Arox > School Management Software PHP Mysql

DATE CVE VULNERABILITY TITLE RISK
2020-01-31 CVE-2020-8505 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
network
low complexity
arox CWE-352
6.5
6.5
2020-01-31 CVE-2020-8504 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
network
low complexity
arox CWE-352
6.5
6.5