HIGH · CVE-2020-37088 · CVSS 7.5

CVE-2020-37088: Arbitrary File Access in School ERP Pro

Platform

php

Component

school-erp-pro

Fixed in

1.0.1

AI Confidence: high · NVD · EPSS 2.1% · Reviewed: May 2026

CVE-2020-37088 is an arbitrary file access vulnerability in School ERP Pro by Arox. The download.php script passes the 'document' request parameter to the filesystem without validating it, so an unauthenticated attacker can use directory traversal in that parameter to read files outside the intended document directory. The vulnerability affects version 1.0 of School ERP Pro and is fixed in 1.0.1.

Impact and Attack Scenarios

The primary impact of CVE-2020-37088 is unauthorized disclosure of data. An attacker can read arbitrary files that the web server user can access, including configuration files that may contain database credentials, API keys, or other secrets. The flaw itself is read-only (the CVSS vector records no integrity or availability impact), but credentials recovered this way can be reused against the database or the underlying server, so successful exploitation can lead to full compromise of the School ERP Pro deployment. The vulnerability is particularly concerning because it requires no authentication and no user interaction, so it can be exploited by anyone who can reach download.php.

Exploitation Context

CVE-2020-37088 was publicly disclosed on 2026-02-03. No public proof-of-concept exploits are currently known. The vulnerability's simplicity suggests a moderate likelihood of exploitation if left unpatched. It is not currently listed on the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

2.09% (84th percentile)

CISA SSVC

Exploitation: poc
Automatable: yes
Technical Impact: partial

CVSS Vector

CVSS 3.1 base score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: None (risk of unauthorized data modification)
Availability: None (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Component: school-erp-pro
Vendor: Arox
Affected range: 1.0
Fixed in: 1.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2020-37088 is to upgrade School ERP Pro to 1.0.1 or later. Until the upgrade is applied, restrict access to the download.php script with a web application firewall (WAF) or reverse proxy, and block requests whose 'document' parameter contains directory traversal sequences (e.g., '../'). Apply such a rule to the URL-decoded and path-normalized parameter value rather than to the raw query string: a literal match on '../' is bypassed by URL-encoded (%2e%2e%2f), double-encoded and backslash variants of the same payload. Also review file permissions so that files outside the application's document directory, such as configuration files holding database credentials, are not readable by the web server user; this limits what a traversal can reach even before the patch. After patching, verify the fix by placing a canary file outside the document directory and requesting it through download.php with directory traversal payloads, including encoded variants; every such request should be refused and the canary never returned.
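The following is an added example, not part of the advisory and not a rule from any WAF product. It contrasts a naive rule that looks for the literal string '../' in the raw query with a check that first decodes and normalizes the 'document' value the way the application will see it, and runs both over a handful of constructed query strings (not observed traffic). The function names and the sample payloads are assumptions made for the demo.

```php
<?php
// Added example, not part of the advisory and not a rule from any WAF product.
// It shows why a rule that only looks for the literal string '../' in the raw
// query misses the same traversal sent URL-encoded, double-encoded, with
// backslashes, or as an absolute path, and what a normalising check looks like.
// The query strings below are constructed for the demo, not observed traffic.
declare(strict_types=1);

// Naive rule: literal '../' anywhere in the raw query string.
function naiveTraversalMatch(string $rawQuery): bool
{
    return strpos($rawQuery, '../') !== false;
}

// Normalising rule: decode the 'document' value the way the application will
// see it, then look for traversal in the decoded form.
function normalisedTraversalMatch(string $rawQuery): bool
{
    parse_str($rawQuery, $params);              // one level of %XX decoding, as PHP's $_GET does
    $value = (string) ($params['document'] ?? '');

    // Keep decoding while the value still changes, with a bound, to unwrap
    // %252F-style double encoding that the application or a later proxy
    // might decode again.
    for ($round = 0; $round < 3; $round++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }

    $value = str_replace('\\', '/', $value);    // backslash is a separator on Windows hosts
    if ($value !== '' && $value[0] === '/') {
        return true;                            // absolute path
    }
    if (strpos($value, "\0") !== false) {
        return true;                            // NUL-truncation attempt
    }
    foreach (explode('/', $value) as $segment) {
        // '..' itself, and segments such as '....' that a strip-once filter
        // ('....//' -> '../') would turn back into traversal.
        if (preg_match('/\A\.{2,}\z/', $segment)) {
            return true;
        }
    }
    return false;
}

// Run both rules over constructed sample requests and report the verdicts.
function compareRules(): array
{
    $requests = [
        'document=report.pdf',
        'document=../../config.php',
        'document=..%2F..%2Fconfig.php',
        'document=..%252F..%252Fconfig.php',
        'document=..\\..\\config.php',
        'document=/etc/passwd',
        'document=....//....//config.php',
    ];
    $out = [];
    foreach ($requests as $query) {
        $out[$query] = [
            'naive'      => naiveTraversalMatch($query),
            'normalised' => normalisedTraversalMatch($query),
        ];
    }
    return $out;
}

foreach (compareRules() as $query => $verdict) {
    printf("%-36s naive=%-5s normalised=%s\n", $query,
        $verdict['naive'] ? 'block' : 'pass',
        $verdict['normalised'] ? 'block' : 'pass');
}
```

Run it with the PHP CLI; only the plain '../../config.php' request trips the naive rule, while the normalising rule blocks every request except the legitimate 'report.pdf'. The same decoded payload list is the one to use when verifying the patched download.php against a canary file.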

How to fix

Update to School ERP Pro 1.0.1 or later, or apply the security measures provided by the vendor. In download.php, validate the 'document' parameter before it touches the filesystem: accept only a plain file name (or a database identifier that is mapped to a path server-side), canonicalize the resulting path and check that it stays inside the intended document directory, and reject anything else. Because the flaw is reachable without credentials, also enforce authentication and a per-user authorization check on download.php. Limit the files the web server user can read and configure system permissions accordingly.
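The following is an added example, not code from Arox's School ERP Pro. It contrasts the shape of the flaw the advisory describes (the 'document' parameter joined straight onto a path and read back) with a hardened resolver that accepts only a bare file name and checks canonical-path containment, then runs constructed traversal payloads through the hardened version against a throwaway directory. The directory layout, file names and function names are assumptions made for this demo.

```php
<?php
// Added example, not code from Arox's School ERP Pro. It contrasts the shape
// of the flaw the advisory describes (the 'document' parameter joined straight
// onto a path and read back) with a hardened resolver, then runs constructed
// traversal payloads through the hardened version. Directory and file names
// are assumptions made for this demo.
declare(strict_types=1);

// Vulnerable shape: any value of ?document= selects the file. '../../config.php'
// or an absolute path escapes the document directory.
function vulnerableResolve(string $documentDir, string $document): string
{
    return $documentDir . '/' . $document;
}

// Hardened resolver: returns the canonical path to serve, or null to refuse.
function safeResolve(string $documentDir, string $document): ?string
{
    // Accept only a bare file name: letters, digits, dot, dash, underscore,
    // not starting with a dot. This already excludes '/', '\', '%', NUL and
    // '..', so encoded or backslash variants never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/', $document)
        || strpos($document, '..') !== false) {
        return null;
    }
    // Defence in depth: canonicalise both sides (resolves symlinks, fails for
    // missing files) and require the target to sit inside the document dir.
    $base = realpath($documentDir);
    $target = realpath($documentDir . DIRECTORY_SEPARATOR . $document);
    if ($base === false || $target === false || !is_file($target)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// What download.php should do with the result. Authentication and a per-user
// authorisation check belong before this call: the advisory's point is that
// the endpoint was reachable without login, and a safe path alone does not
// decide who may fetch the document.
function serveDocument(string $documentDir, string $document): bool
{
    $path = safeResolve($documentDir, $document);
    if ($path === null) {
        http_response_code(404);
        return false;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
    return true;
}

// Self-check against a throwaway layout (constructed for the demo): one
// legitimate document inside the document dir, one secret just outside it.
function selfCheck(): array
{
    $root = sys_get_temp_dir() . '/erp-demo-' . bin2hex(random_bytes(4));
    $docs = $root . '/documents';
    mkdir($docs, 0700, true);
    file_put_contents($docs . '/report.pdf', 'sample document');
    file_put_contents($root . '/config.php', 'sample secret outside the document dir');

    $cases = [                       // payload => should it be served?
        'report.pdf'        => true,
        '../config.php'     => false,
        '..%2Fconfig.php'   => false,  // what a double-encoded request decodes to in $_GET
        '..\\config.php'    => false,
        '/etc/passwd'       => false,
        "report.pdf\0.txt"  => false,
        'missing.pdf'       => false,
    ];
    $results = [];
    foreach ($cases as $payload => $expected) {
        $served = safeResolve($docs, $payload) !== null;
        $results[$payload] = ($served === $expected) ? 'ok' : 'FAIL';
    }
    unlink($docs . '/report.pdf');
    unlink($root . '/config.php');
    rmdir($docs);
    rmdir($root);
    return $results;
}

foreach (selfCheck() as $payload => $verdict) {
    printf("%-22s %s\n", addcslashes($payload, "\0"), $verdict);
}
```

The file-name allowlist is what actually closes the hole; the realpath containment check is kept so that a later change to the allowlist (or a symlink dropped into the document directory) still cannot serve a file from outside it. Mapping documents by database ID instead of by name removes the user-controlled path entirely and is the cleaner design where the schema allows it.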


Frequently asked questions

What is CVE-2020-37088 — Arbitrary File Access in School ERP Pro?

CVE-2020-37088 is a vulnerability in School ERP Pro 1.0 that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter of download.php, potentially exposing sensitive data such as configuration files and credentials.

Am I affected by CVE-2020-37088 in School ERP Pro?

If you are running School ERP Pro version 1.0, you are potentially affected. Check your installed version and upgrade to 1.0.1 or later.

How do I fix CVE-2020-37088 in School ERP Pro?

The recommended fix is to upgrade to School ERP Pro 1.0.1 or later. Until then, implement WAF rules that block directory traversal attempts in the 'document' parameter of download.php, matching on the decoded parameter value so encoded variants are caught as well.

Is CVE-2020-37088 being actively exploited?

There are currently no confirmed reports of active exploitation, but the vulnerability's simplicity makes it a potential target.

Where can I find the official School ERP Pro advisory for CVE-2020-37088?

Refer to the School ERP Pro vendor website or security mailing lists for official advisories and patch releases.
