AROX School-ERP Pro Unauthenticated Remote Code Execution
Posted by deepcore on June 18, 2019 – 12:50 pm
This Metasploit module exploits a command execution vulnerability in AROX School-ERP. “import_stud.php” and “upload_fille.php” do not perform any session check: the session start/check functions on lines 8, 9 and 10 are commented out with slashes. An unauthenticated user can therefore execute commands on the system.
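An audit for the defect described above, added here as an example and not taken from the module or from the product: it flags PHP files whose only session guard sits behind comment slashes. The guard patterns, the sample source and the names `audit_php`, `scan_tree` and `handle_import` are assumptions made for illustration.

```python
import os
import re

# session_start() is PHP's real session call; a $_SESSION[...] test is a common
# login guard. Which guards a given application uses is an assumption here.
GUARD = re.compile(r"session_start\s*\(|\$_SESSION\s*\[")
COMMENTED = re.compile(r"^\s*(//|#)")


def audit_php(source):
    """Return line numbers of commented-out guards and whether a live guard exists."""
    disabled, active = [], False
    for lineno, line in enumerate(source.splitlines(), start=1):
        if COMMENTED.match(line):
            if GUARD.search(line):
                disabled.append(lineno)
        elif GUARD.search(line.split("//", 1)[0]):
            # Only code before a trailing // comment counts as a live guard.
            active = True
    return {"disabled": disabled, "active": active,
            "exposed": bool(disabled) and not active}


def scan_tree(root):
    """Audit every .php file under root; return {path: result} for exposed files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    result = audit_php(fh.read())
                if result["exposed"]:
                    findings[path] = result
    return findings


# Constructed samples, not the product's source code.
SAMPLE_DISABLED = """<?php
include 'config.php';
//session_start();
//if (!isset($_SESSION['user'])) {
//    header('Location: login.php'); exit; }
handle_import($_FILES['file']);
"""
SAMPLE_GUARDED = SAMPLE_DISABLED.replace("//", "")

if __name__ == "__main__":
    print(audit_php(SAMPLE_DISABLED))
    print(audit_php(SAMPLE_GUARDED))
```

Block comments (`/* ... */`) are not parsed, so a guard disabled that way is not reported; run `scan_tree` over the web root and review each reported file by hand.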