CVE-2019-25630

Sažetak

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.

Reference

https://sourceforge.net/projects/phreebooks/files/latest/download
https://www.exploit-db.com/exploits/46644
https://www.phreesoft.com/
https://www.vulncheck.com/advisories/phreebooks-erp-arbitrary-file-upload-via-image-manager

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

25-03-2026 - 21:45

Objavljeno

24-03-2026 - 12:16