High severity8.8NVD Advisory· Published Jan 23, 2026· Updated Apr 15, 2026

CVE-2021-47904

Description

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985nvd
www.exploit-db.com/exploits/46645nvd
www.exploit-db.com/exploits/49524nvd
www.phreesoft.comnvd
www.vulncheck.com/advisories/phreebooks-remote-code-executionnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000