
AROX School-ERP Pro Unauthenticated Remote Code Execution

Posted on 17 June 2019

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. The scripts "import_stud.php" and "upload_fille.php" have no session control: the session start/check calls on lines 8, 9 and 10 are commented out with slashes. As a result, an unauthenticated user can execute commands on the system.
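
A code-review check for the flaw described above, added here as an example (it is not part of the Metasploit module or the vendor's code): it flags PHP source whose session calls survive only inside `//` or `#` comments. The PHP samples are constructed, and treating `session_start()` or a `$_SESSION` read as "session control" is an assumption.

```python
import re

# Assumption: a page has session control if live code calls session_start()
# or reads $_SESSION. Block comments (/* */) and heredocs are not handled.
SESSION_CALL = re.compile(r"session_start\s*\(|\$_SESSION\b")

def split_comment(line):
    """Return (code, comment) for one PHP line, honouring quoted strings."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif line.startswith("//", i) or ch == "#":
            return line[:i], line[i:]
        i += 1
    return line, ""

def audit_php(source):
    """Report which lines hold live session calls and which hold disabled ones."""
    active, disabled = [], []
    for no, line in enumerate(source.splitlines(), 1):
        code, comment = split_comment(line)
        if SESSION_CALL.search(code):
            active.append(no)
        elif SESSION_CALL.search(comment):
            disabled.append(no)
    if disabled and not active:
        verdict = "session-check-commented-out"
    elif active:
        verdict = "session-checked"
    else:
        verdict = "no-session-check"
    return {"active": active, "disabled": disabled, "verdict": verdict}

# Constructed samples (not the vendor's code).
SAMPLE_DISABLED = """<?php
//session_start();
//if (!isset($_SESSION['user'])) { header('Location: login.php'); exit; }
echo "see http://example.invalid/#help";
"""
SAMPLE_ENABLED = SAMPLE_DISABLED.replace("//session", "session").replace("//if", "if")

if __name__ == "__main__":
    for name, src in (("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED)):
        print(name, audit_php(src))
```

A file that returns `session-check-commented-out` or `no-session-check` and also handles uploads or imports is the one to review first.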

 
