Subscribe via feed.

AROX School-ERP Pro Unauthenticated Remote Code Execution

Posted by deepcore on June 18, 2019 – 12:50 pm

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. “import_stud.php” and “upload_fille.php” do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.