Phreesoft Phreebooks Erp vulnerabilities
2 known vulnerabilities affecting phreesoft/phreebooks_erp.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2019-25630 | P2 | HIGH | CVSS 8.8 | v5.2.3 | 2026-03-24
CVE-2019-25630 [HIGH] CWE-434: PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php scr
nvd
CVE-2019-25647 | P2 | HIGH | CVSS 8.8 | v5.2.3 | 2026-03-24
CVE-2019-25647 [HIGH] CWE-434: PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute syst
nvd