CVE-2019-25630

High CVSS: 8.7

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.

Vendor

Phreesoft

Product

Phreebookserp

CWE

CWE-434

Yayın Tarihi

2026-03-24 12:16:03

Güncelleme

2026-03-26 17:16:26

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Phreebookserp HIGH Phreesoft 2026

Referanslar

https://sourceforge.net/projects/phreebooks/files/latest/download https://www.exploit-db.com/exploits/46644 https://www.phreesoft.com/ https://www.vulncheck.com/advisories/phreebooks-erp-arbitrary-file-upload-via-image-manager