How to fix CVE-2020-37088?

Within 24 hours: Isolate affected School ERP Pro 1.0 instances from internet access and disable the download.php functionality if operationally feasible. Within 7 days: Conduct file access audit logs to identify unauthorized downloads and implement network segmentation to restrict access to ERP systems. Within 30 days: Evaluate alternative ERP solutions and develop a migration timeline, as this vendor appears to be providing no patch; contact the vendor for security update status and consider reporting to relevant education sector authorities.

Is PHP affected by CVE-2020-37088?

School ERP Pro 1.0 contains an unauthenticated file disclosure vulnerability allowing attackers to read arbitrary files from affected systems without requiring credentials.

CVE-2020-37088

HIGH

2026-02-03 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 17:03 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

HIGH 7.5

Description

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

Analysis

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. [CVSS 7.5 HIGH]

Technical Context

Classified as CWE-22 (Path Traversal). Affects School Erp Pro. School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

Affected Products

Vendor: Arox. Product: School Erp Pro. Versions: up to 1.0.

Remediation

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +5.4

CVSS: +38

POC: +20

CVE-2020-37088 vulnerability details – vuln.today

Back

CVE-2020-37088

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37088

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code