Phreebookserp
by Phreesoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47904 | Hig | 0.57 | 8.8 | 0.01 | Jan 23, 2026 | PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. | ||
| CVE-2017-5990 | Med | 0.40 | 6.1 | 0.01 | Feb 15, 2017 | An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and… | ||
| CVE-2019-25647 | 0.00 | — | 0.01 | Mar 24, 2026 | PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager… | |||
| CVE-2019-25630 | 0.00 | — | 0.01 | Mar 24, 2026 | PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to… |
- risk 0.57cvss 8.8epss 0.01
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and…
- CVE-2019-25647Mar 24, 2026risk 0.00cvss —epss 0.01
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager…
- CVE-2019-25630Mar 24, 2026risk 0.00cvss —epss 0.01
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to…