LeakyCreds

CVE-2019-25630 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 25, 2026

PhreeBooks ERP - Unrestricted File Upload

Published: March 24, 2026 | Updated: March 25, 2026 | PoC Available | Remote Exploitable

Overview

PhreeBooks ERP 5.2.3 contains an unrestricted file upload vulnerability caused by improper validation in the Image Manager component. It lets authenticated attackers upload malicious PHP files and execute them remotely. Exploitation requires authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 66.7% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can upload and execute malicious PHP files, leading to remote code execution and full system compromise.

Mitigation

Update to the latest version in which the vulnerability is fixed.

Social Media Activity (1 post)

ZEN SecDB
@secdb
Mar 30, 2026

📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1724

Severity:
- Critical: 160
- High: 649
- Medium: 676
- Low: 49
- None: 190

Status:
- : 20
- Analyzed: 407
- Awaiting Analysis: 410
- Modified: 55
- Received: 778
- Rejected: 23
- Undergoing Analysis: 31

Top CNAs:
- GitHub, Inc.: 426
- Patchstack: 248
- VulDB: 159
- VulnCheck: 124
- kernel.org: 122
- Apple Inc.: 87
- MITRE: 74
- Mozilla Corporation: 47
- Wordfence: 46
- Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33

Top Affected Products:
- UNKNOWN: 1239
- Apple Macos: 76
- Mozilla Firefox: 45
- Apple Ipados: 41
- Apple Iphone Os: 41
- Wwbn Avideo: 34
- Apple Visionos: 28
- Apple Watchos: 21
- Open-emr Openemr: 20
- Hcltech Aftermarket Cloud: 17

Top EPSS Score:
- CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
- CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
- CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
- CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
- CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
- CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
- CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
- CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
- CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)


Details

CVE ID: CVE-2019-25630
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: confirmed
EPSS: 66.7%
Social Posts: 1

CWE

  • CWE-79
  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

66.7% (Probability of exploitation in the next 30 days)