CVE-2022-32119

8.8 HIGH

📋 TL;DR

Arox School ERP Pro v1.0 contains multiple arbitrary file upload vulnerabilities that allow attackers to upload malicious files to the server. This affects all users running the vulnerable version of the software, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • Arox School ERP Pro
Versions: v1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation with no additional configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Webshell upload allowing persistent access, data exfiltration, and further exploitation of the server.

🟢 If Mitigated: File uploads blocked or properly validated, so that upload attempts cause at most a denial of service.

🌐 Internet-Facing: HIGH - The vulnerable functions are accessible via web interface, making internet-facing instances prime targets.
🏢 Internal Only: HIGH - Even internally accessible instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once authenticated. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

File Upload Restriction (applies to: all)

Implement strict file upload validation in photogalleries.inc.php and 1finance_master.inc.php:
  • Add file type validation: only allow image files (jpg, png, gif) for photo uploads
  • Add file extension validation: block executable extensions (php, exe, sh, etc.)
  • Implement file content verification using magic bytes

Access Control (applies to: all)

Restrict access to the vulnerable functions to authorized users only:
  • Add authentication checks before file upload processing
  • Implement role-based access control for administrative functions
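The validation steps above (extension allowlist, executable-extension block, magic-byte check), written out as PHP an operator could call at the top of each upload handler before any move_uploaded_file(). This is an added example, not Arox code: the function names, the $_FILES field name and the upload directory are assumptions, and the three steps are the advisory's own list.

```php
<?php
// Added example (not Arox code): validate an uploaded image before it is stored.
// Call validateImageUpload($_FILES['photo']) at the start of the upload handler.
declare(strict_types=1);

// Allowlist of image extensions; everything else (php, exe, sh, ...) is rejected.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

// Leading bytes that a real file of each allowed type must start with.
const MAGIC_BYTES = [
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'png'  => ["\x89PNG\r\n\x1A\n"],
    'gif'  => ["GIF87a", "GIF89a"],
];

/**
 * Returns null when the upload is acceptable, otherwise a short reason for the log.
 * $file is one entry of $_FILES.
 */
function validateImageUpload(array $file, int $maxBytes = 5 * 1024 * 1024): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'upload error code ' . ($file['error'] ?? 'unknown');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    if ($file['size'] > $maxBytes) {
        return 'file too large';
    }

    $name = basename((string) $file['name']);
    // Exactly one dot: rejects double extensions such as "shell.php.jpg" outright.
    if (substr_count($name, '.') !== 1) {
        return 'filename must have exactly one extension';
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return 'extension not allowed: ' . $ext;
    }

    // Content check: the first bytes must match the type the extension claims.
    $fh = fopen($file['tmp_name'], 'rb');
    if ($fh === false) {
        return 'cannot read temporary file';
    }
    $header = fread($fh, 16);
    fclose($fh);
    if ($header === false) {
        return 'cannot read temporary file';
    }
    $magicOk = false;
    foreach (MAGIC_BYTES[$ext] as $magic) {
        if (strncmp($header, $magic, strlen($magic)) === 0) {
            $magicOk = true;
            break;
        }
    }
    if (!$magicOk) {
        return 'file content does not match extension';
    }
    // Second opinion from the image parser. A valid image with code appended still
    // passes, so the upload directory must additionally be served with PHP execution off.
    if (@getimagesize($file['tmp_name']) === false) {
        return 'not a parseable image';
    }
    return null;
}

/** Server-chosen random filename with the validated extension; never reuse the client's name. */
function safeDestination(string $uploadDir, string $originalName): string
{
    $ext = strtolower(pathinfo(basename($originalName), PATHINFO_EXTENSION));
    return rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Usage in the handler ('photo' and the directory are placeholders for the real values):
// $problem = validateImageUpload($_FILES['photo']);
// if ($problem !== null) { error_log("rejected upload: $problem"); http_response_code(400); exit; }
// move_uploaded_file($_FILES['photo']['tmp_name'], safeDestination('/var/www/uploads', $_FILES['photo']['name']));
```

The same checks apply to the finance import in 1finance_master.inc.php with a different allowlist (spreadsheet extensions and their magic bytes instead of image ones); the extension and content checks are independent of which handler calls them.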

🧯 If You Can't Patch

  • Disable the vulnerable functions (Add Photo and import staff excel) if not essential
  • Implement web application firewall rules to block file uploads with suspicious extensions

🔍 How to Verify

Check if Vulnerable:

Confirm the installation is Arox School ERP Pro v1.0, then test whether the upload functions accept files with executable extensions or with content that does not match their extension

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Attempt to upload files with executable extensions and verify they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file upload attempts
  • Uploads of files with executable extensions
  • Unusual file uploads to photogalleries or finance modules

Network Indicators:

  • POST requests to photogalleries.inc.php or 1finance_master.inc.php with file uploads
  • Unusual outbound connections from web server

SIEM Query:

source="web_server" AND (uri="*photogalleries.inc.php*" OR uri="*1finance_master.inc.php*") AND method="POST" AND size>1000000
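The network and log indicators above, turned into two defender checks: a scan of access-log lines for POSTs to the two upload handlers with a large request body (the same condition as the SIEM query), and a sweep of the upload directory for files with an executable extension or a PHP open tag inside an image name. This is an added example, not part of the advisory; the log lines are constructed, the log format is assumed to be Apache "combined" with mod_logio's %I (bytes received) appended as a final field, and the upload directory path is a placeholder.

```php
<?php
// Added example (not from the advisory): detection checks for the listed indicators.
declare(strict_types=1);

const UPLOAD_HANDLERS = ['photogalleries.inc.php', '1finance_master.inc.php'];
const EXEC_EXTENSIONS = ['php', 'phtml', 'phar', 'php5', 'exe', 'sh'];

// Assumed format: combined log + "%I" (bytes received, mod_logio) as the last field.
const ACCESS_LOG_RE = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "[^"]*" (\d+)$/';

/** One record per request matching: POST to an upload handler with a large body. */
function findSuspiciousUploads(array $logLines, int $minRequestBytes = 1000000): array
{
    $hits = [];
    foreach ($logLines as $line) {
        if (!preg_match(ACCESS_LOG_RE, $line, $m)) {
            continue; // unexpected format; a real tool would count and report these
        }
        [, $ip, $user, $time, $method, $uri, $status, $received] = $m;
        $path = parse_url($uri, PHP_URL_PATH) ?: $uri;
        $isHandler = in_array(basename($path), UPLOAD_HANDLERS, true);
        if ($method === 'POST' && $isHandler && (int) $received >= $minRequestBytes) {
            $hits[] = [
                'ip' => $ip, 'user' => $user, 'time' => $time,
                'uri' => $path, 'status' => (int) $status, 'bytes' => (int) $received,
            ];
        }
    }
    return $hits;
}

/** Files under $dir with an executable extension, or a PHP open tag behind an image extension. */
function sweepUploadDir(string $dir): array
{
    if (!is_dir($dir)) {
        return [];
    }
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $f) {
        $path = $f->getPathname();
        $ext  = strtolower($f->getExtension());
        $head = (string) @file_get_contents($path, false, null, 0, 64);
        if (in_array($ext, EXEC_EXTENSIONS, true)) {
            $findings[] = "$path: executable extension .$ext";
        } elseif (preg_match('/<\?(php|=)/i', $head)) {
            $findings[] = "$path: PHP open tag inside a .$ext file";
        }
    }
    return $findings;
}

// Constructed sample lines; only the second one matches the indicator.
$sample = [
    '10.0.0.5 - admin [12/Jun/2022:10:01:02 +0000] "GET /photogalleries.inc.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0" 512',
    '10.0.0.5 - admin [12/Jun/2022:10:01:30 +0000] "POST /photogalleries.inc.php?action=add HTTP/1.1" 302 0 "-" "Mozilla/5.0" 2097152',
    '10.0.0.9 - - [12/Jun/2022:10:02:00 +0000] "POST /1finance_master.inc.php HTTP/1.1" 200 1200 "-" "curl/7.68" 800',
];
foreach (findSuspiciousUploads($sample) as $hit) {
    echo "suspicious upload from {$hit['ip']} ({$hit['user']}) to {$hit['uri']}: {$hit['bytes']} bytes at {$hit['time']}\n";
}
foreach (sweepUploadDir('/var/www/html/uploads') as $finding) { // placeholder path
    echo "$finding\n";
}
```

Access logs do not record the uploaded filename from a multipart body, which is why the extension indicator is checked on disk rather than in the log; the request-size threshold is the tunable that decides how much noise the log check produces.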
