CVE-2020-37090

School ERP Pro

School ERP Pro 1.0 contains an unrestricted file upload vulnerability in its messaging system, allowing attackers to execute arbitrary PHP code on the server.

Executive summary

An arbitrary file upload vulnerability in School ERP Pro 1.0 enables remote attackers to achieve remote code execution (RCE) by uploading malicious PHP scripts.

Vulnerability

The application fails to properly sanitize or restrict file types uploaded via the messaging system's attachment feature. This allows an attacker to upload executable PHP files, which can then be triggered to execute arbitrary code within the server environment.

Business impact

With a CVSS score of 9.8, this flaw allows for complete server compromise. Successful exploitation grants attackers the ability to execute commands with the privileges of the web server, leading to potential ransomware deployment, data theft, and full control over the application's underlying infrastructure.

Remediation

Immediate Action: Update to the latest version of School ERP Pro to ensure that file upload validation mechanisms are correctly implemented.

Proactive Monitoring: Monitor server directories where uploads are stored for suspicious files or unexpected script execution attempts.

Compensating Controls: Implement strict server-side file type validation and restrict the execution of scripts within the upload directory via web server configuration settings (e.g., .htaccess or Nginx location blocks).
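The server-side validation described above, written out as an added hardening example (this is not School ERP Pro's code; the form field name, the storage directory and the allow-list are assumptions):

```php
<?php
// Added example (not School ERP Pro code): strict server-side validation for a
// messaging attachment upload. Assumes the form field is "attachment" and that
// $storeDir lies outside the web root, so nothing in it can be requested directly.
declare(strict_types=1);

final class AttachmentUploadError extends RuntimeException {}

// Allow-list: permitted extension => MIME types the file content must match.
const ALLOWED_TYPES = [
    'pdf'  => ['application/pdf'],
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
];
const MAX_BYTES = 5 * 1024 * 1024;

function storeAttachment(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new AttachmentUploadError('Upload failed or no file supplied');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new AttachmentUploadError('Attachment too large');
    }
    // The client-supplied name and type are untrusted: the extension only
    // selects which content types are acceptable, the content check decides.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new AttachmentUploadError('File type not permitted');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new AttachmentUploadError('File content does not match its extension');
    }
    // Server-chosen random name: no user-controlled path component or double
    // extension is ever written to the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new AttachmentUploadError('Could not store attachment');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;      // store this name in the database, not the original
}

// Usage: storeAttachment($_FILES['attachment'], '/var/app/attachments');
```

Attachments are then served through a download handler that sets Content-Disposition, so the .htaccess or Nginx rule that disables script execution in the upload directory acts as defence in depth rather than the only barrier.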

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Remote Code Execution (RCE) vulnerabilities are of the highest severity. Administrators must update School ERP Pro immediately and audit the system for any signs of existing unauthorized file uploads or persistent backdoors.