📄 Description (English)
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
🤖 AI Executive Summary
School ERP Pro 1.0 contains a critical path traversal vulnerability (CVE-2020-37088) allowing unauthenticated attackers to read arbitrary files including sensitive configuration data and credentials. The vulnerability exists in the download.php file's 'document' parameter and has publicly available exploits. This poses immediate risk to educational institutions using this software to access student records, financial data, and system credentials.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 03:51
🇸🇦 Saudi Arabia Impact Assessment
Saudi educational institutions (K-12 and higher education) using School ERP Pro 1.0 face immediate risk of unauthorized access to student personal data, financial records, and institutional credentials. Government education sector (Ministry of Education) and private schools are particularly vulnerable. Secondary impact includes potential compromise of connected systems if administrative credentials are exposed. Healthcare institutions using similar ERP systems may also be affected. Risk extends to data privacy violations under PDPL (Personal Data Protection Law) and potential regulatory penalties from CITC.
🏢 Affected Saudi Sectors
Education (K-12 and Higher Education)
Government (Ministry of Education)
Healthcare (if using similar ERP systems)
Financial Services (if using for payroll/accounting)
Private Sector (any organization using School ERP Pro)
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of School ERP Pro 1.0 in your environment using network scanning and asset inventory tools
2. Isolate affected systems from production networks if patch cannot be applied immediately
3. Review access logs for download.php to identify potential exploitation attempts (look for directory traversal patterns like ../, ..\, encoded variants)
4. Disable or restrict access to download.php via WAF rules blocking requests containing path traversal characters
PATCHING:
1. Apply vendor patch immediately - upgrade to patched version of School ERP Pro
2. If upgrade not immediately possible, implement input validation on 'document' parameter to reject path traversal sequences
3. Test patch in non-production environment before deployment
COMPENSATING CONTROLS:
1. Implement Web Application Firewall (WAF) rules to block requests with ../, ..\ or URL-encoded variants (%2e%2e)
2. Apply principle of least privilege - restrict file system permissions on configuration files
3. Move sensitive configuration files outside web root directory
4. Implement strong authentication and access controls for administrative functions
5. Enable detailed logging and monitoring of download.php access
DETECTION RULES:
1. Monitor for HTTP requests to download.php containing: ../, ..\ , %2e%2e, %252e, encoded path traversal
2. Alert on access to sensitive files: config.php, database.yml, .env, credentials files
3. Track failed and successful file access attempts in application logs
4. Implement IDS/IPS signatures for path traversal attacks
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ School ERP Pro 1.0 في بيئتك باستخدام أدوات المسح والجرد
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إذا لم يكن يمكن تطبيق التصحيح فوراً
3. مراجعة سجلات الوصول لـ download.php للبحث عن محاولات استغلال محتملة
4. تعطيل أو تقييد الوصول إلى download.php عبر قواعد WAF
التصحيح:
1. تطبيق تصحيح البائع فوراً - الترقية إلى نسخة مصححة
2. إذا لم يكن الترقية ممكنة فوراً، تنفيذ التحقق من صحة المدخلات
3. اختبار التصحيح في بيئة غير الإنتاج قبل النشر
الضوابط البديلة:
1. تنفيذ قواعد WAF لحجب الطلبات التي تحتوي على أنماط اجتياز المسارات
2. تطبيق مبدأ أقل امتياز على أذونات نظام الملفات
3. نقل الملفات الحساسة خارج جذر الويب
4. تنفيذ المصادقة القوية والتحكم في الوصول
5. تفعيل السجلات المفصلة ومراقبة الوصول
قواعد الكشف:
1. مراقبة طلبات HTTP إلى download.php التي تحتوي على أنماط اجتياز
2. التنبيه على الوصول إلى الملفات الحساسة
3. تتبع محاولات الوصول الفاشلة والناجحة
4. تنفيذ توقيعات IDS/IPS
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.1.1 - Access Control and Authentication
ECC 2024 A.8.1.1 - Asset Management and Inventory
ECC 2024 A.12.4.1 - Event Logging and Monitoring
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Software Inventory and Asset Management
SAMA CSF PR.AC-1 - Access Control and Authentication
SAMA CSF PR.PT-1 - Security Testing and Vulnerability Management
SAMA CSF DE.CM-1 - Detection and Monitoring
SAMA CSF RS.MI-2 - Incident Response and Mitigation
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security
ISO 27001:2022 A.6.1 - Roles and Responsibilities
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.8.3 - Media Handling
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.13.1 - Network Security
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 6.5.1 - Injection Flaws
PCI DSS 11.2 - Vulnerability Scanning
PCI DSS 12.2 - Configuration Standards
🔗 References & Sources 4
🔗
https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-...
disclosure@vulncheck.com
Product
🔗
https://web.archive.org/web/20200129123503/http://arox.in/
disclosure@vulncheck.com
Product
🔗
https://www.exploit-db.com/exploits/48394
disclosure@vulncheck.com
Exploit
Third Party Advisory
VDB Entry
🔗
https://www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-read
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
arox:school_erp_pro:1.0