CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25630

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://sourceforge.net/projects/phreebooks/files/latest/download
https://www.exploit-db.com/exploits/46644
https://www.phreesoft.com/
https://www.vulncheck.com/advisories/phreebooks-erp-arbitrary-file-upload-via-image-manager

Products affected by CVE-2019-25630

Phreesoft » Phreebookserp » Version: 5.2.3

cpe:2.3:a:phreesoft:phreebookserp:5.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25630

Products

Pricing

Contact Us