Multiple vulnerabilities in School ERP Pro+Responsive by AROX SOLUTION

Posted date 13/05/2024
Identificador
INCIBE-2024-0243
Importance
5 - Critical
Affected Resources

School ERP Pro+Responsive, version 1.0.

Description

INCIBE has coordinated the publication of 3 vulnerabilities, 1 of critical severity and 2 medium, affecting AROX SOLUTION's School ERP Pro+Responsive, a web-based school management system, which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2024-4822: 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | CWE-79
  • CVE-2024-4823: 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CWE-79
  • CVE-2024-4824: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89
Solution

There is no reported solution at this time.

Detail

CVE-2024-4822: vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session.

CVE-2024-4823: vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.

CVE-2024-4824: vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

References list