Cyber Posture

CVE-2020-37088

High | Public PoC

Published: 03 February 2026
Modified: 10 February 2026
KEV Added: not listed
Patch: none referenced
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0219 (84.5th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-37088 is a high-severity Path Traversal (CWE-22) vulnerability in Arox School Erp Pro. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly mitigates the directory traversal vulnerability by requiring validation of the 'document' parameter in download.php to block path manipulation attempts.

prevent (AC-3, Access Enforcement): Enforces approved access authorizations to restrict unauthenticated file reads, preventing disclosure of arbitrary files via the vulnerable endpoint.

prevent (AC-6, Least Privilege): Applies least privilege to the web application process, limiting its ability to access sensitive configuration files even if directory traversal succeeds.
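The three controls above translate into a small amount of code in the download handler. The following is an added example of a hardened download.php pattern for a 'document' parameter; it is not the School ERP Pro code, and the document root directory, the session check, the file names and the log message are assumptions made for illustration. It implements the input validation control (a strict file-name shape check plus realpath() confinement under one directory), the AC-3 control (no file is served without an authenticated session), and supports AC-6 by reading only from a single dedicated directory, so the web process needs no access outside it. Run from the command line, it exercises the validation routine against constructed inputs instead of serving files.

```php
<?php
// Hardened download handler pattern (added example, not the product's own code).
// The document root below is an assumed location, not one taken from the advisory.
declare(strict_types=1);

const DOCUMENT_ROOT_DIR = '/var/www/schoolerp/uploads/documents'; // assumption

/**
 * Returns the absolute path of an allowed file, or null when the request must be
 * rejected. Two layers: (1) the parameter must look like a plain file name, and
 * (2) the canonicalised path must still sit under the document root (catches
 * symlinks that a shape check alone would not).
 */
function resolve_document_path(string $document, string $rootDir = DOCUMENT_ROOT_DIR): ?string
{
    // Layer 1: a single file name; no separators, no leading dot, no NUL bytes.
    if ($document === '' || strlen($document) > 255) {
        return null;
    }
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $document)) {
        return null;
    }

    // Layer 2: canonicalise and confine. realpath() resolves "..", symlinks and
    // returns false for files that do not exist.
    $root = realpath($rootDir);
    $path = realpath($rootDir . DIRECTORY_SEPARATOR . $document);
    if ($root === false || $path === false) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null; // resolved outside the root (e.g. via a symlink)
    }
    if (!is_file($path)) {
        return null;
    }
    return $path;
}

function send_document(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    // AC-3: require an authenticated session before serving anything at all.
    // The session key name is an assumption.
    session_start();
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit;
    }
    $path = resolve_document_path((string) ($_GET['document'] ?? ''));
    if ($path === null) {
        // Rejected requests are worth logging: repeated rejections are a detection signal.
        error_log('download.php: rejected document parameter from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(400);
        exit;
    }
    send_document($path);
    exit;
}

// Command-line self-check using a constructed temporary document root.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docs_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700, true);
file_put_contents($tmp . '/report.pdf', 'constructed sample');

$cases = [ // input => should it be allowed?
    'report.pdf'          => true,
    '../../../etc/passwd' => false, // parent-directory traversal
    '..\\..\\config.php'  => false, // Windows-style separators
    "report.pdf\0.txt"    => false, // NUL byte
    'missing.pdf'         => false, // valid shape, but no such file
];
foreach ($cases as $input => $expectAllowed) {
    $allowed = resolve_document_path($input, $tmp) !== null;
    printf("%-30s %s\n", json_encode($input), $allowed === $expectAllowed ? 'PASS' : 'FAIL');
}

unlink($tmp . '/report.pdf');
rmdir($tmp);
```

The shape check alone would already reject the traversal strings described in this record, but the realpath() confinement is what keeps the handler safe if an uploaded file is ever a symlink, or if the allowed character set is later relaxed; keeping both layers means neither change silently reopens the file read.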

NVD Description

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.

Deeper analysis (AI)

CVE-2020-37088 is a file disclosure vulnerability (CWE-22) affecting School ERP Pro 1.0. The issue resides in the download.php component, where unauthenticated attackers can manipulate the 'document' parameter with directory traversal paths to read arbitrary files, including sensitive configuration files containing system credentials and configuration information.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction or privileges required, earning a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation allows retrieval of high-impact confidential data such as credentials, potentially enabling further compromise of the affected system.

Advisories and related resources include archived project pages for School ERP Ultimate on SourceForge and the vendor site arox.in, a proof-of-concept exploit on Exploit-DB (ID 48394), and a Vulncheck advisory detailing the arbitrary file read in School ERP Pro. No patches or specific mitigations are mentioned in the available references.

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products: arox school erp pro 1.0

CVEs Like This One

CVE-2020-37084 (same product: Arox School Erp Pro)
CVE-2020-37090 (same product: Arox School Erp Pro)
CVE-2020-37089 (same product: Arox School Erp Pro)
CVE-2026-23536 (shared CWE-22)
CVE-2025-23422 (shared CWE-22)
CVE-2024-48885 (shared CWE-22)
CVE-2024-12849 (shared CWE-22)
CVE-2026-33656 (shared CWE-22)
CVE-2025-8343 (shared CWE-22)
CVE-2025-59384 (shared CWE-22)

References