CVE-2020-37084 - School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

CVE ID : CVE-2020-37084 Published : Feb. 3, 2026, 11:16 p.m. | 1 hour, 58 minutes ago Description : School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...