CVE-2019-25647
- EPSS 0.25%
- Veröffentlicht 24.03.2026 11:27:17
- Zuletzt bearbeitet 25.03.2026 21:43:22
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files thro...
CVE-2019-25630
- EPSS 0.67%
- Veröffentlicht 24.03.2026 11:27:04
- Zuletzt bearbeitet 26.03.2026 17:16:26
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files thro...
CVE-2017-5990
- EPSS 0.31%
- Veröffentlicht 15.02.2017 06:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js...