CVE-2022-32119

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
References
Link Resource
http://arox.com Not Applicable
http://school.com Not Applicable
https://github.com/JC175/CVE-2022-32119 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:arox:school_erp_pro:1.0:*:*:*:*:*:*:*

History

22 Jul 2022, 16:45

Type Values Removed Values Added
References (MISC) https://github.com/JC175/CVE-2022-32119 - (MISC) https://github.com/JC175/CVE-2022-32119 - Exploit, Third Party Advisory
References (MISC) http://arox.com - (MISC) http://arox.com - Not Applicable
References (MISC) http://school.com - (MISC) http://school.com - Not Applicable
CPE cpe:2.3:a:arox:school_erp_pro:1.0:*:*:*:*:*:*:*
First Time Arox
Arox school Erp Pro
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-434

15 Jul 2022, 12:17

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-15 12:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-32119

Mitre link : CVE-2022-32119

CVE.ORG link : CVE-2022-32119


JSON object : View

Products Affected

arox

  • school_erp_pro
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type