Security Advisory

CVE-2020-37084

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 22:09:46

Last updated 2026-03-05 01:27:49

Assigner VulnCheck

State PUBLISHED

Description

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.

← Browse all CVEs View on cve.org ↗