Browse all 4 CVE security advisories affecting Arox. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arox is a software platform primarily used for enterprise data management and analytics. Historically, the product has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities, as evidenced by its four recorded CVEs. Security researchers have identified consistent weaknesses in input validation and access control mechanisms. While no major public security incidents have been widely reported, the pattern of vulnerabilities suggests potential risks for organizations relying on the platform for sensitive data operations. The cumulative impact of these security issues has raised concerns among security professionals regarding the platform's overall security posture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-37084 | School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability — School ERP ProCWE-434 | 7.2AI | HighAI | 2026-02-03 |
| CVE-2020-37090 | School ERP Pro 1.0 - Remote Code Execution — School ERP ProCWE-434 | 9.8 | Critical | 2026-02-03 |
| CVE-2020-37089 | School ERP Pro 1.0 - 'es_messagesid' SQL Injection — School ERP ProCWE-89 | 8.2 | High | 2026-02-03 |
| CVE-2020-37088 | School ERP Pro 1.0 - Arbitrary File Read — School ERP ProCWE-22 | 7.5 | High | 2026-02-03 |
This page lists every published CVE security advisory associated with Arox. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.