CVE-2019-25630 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 24, 2026
PhreeBooks ERP - Unrestricted File Upload
Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable
Overview
PhreeBooks ERP 5.2.3 contains an unrestricted file upload vulnerability caused by improper validation in the Image Manager component. It lets attackers upload malicious PHP files and execute them remotely. Exploitation requires authentication.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated attackers can upload and execute malicious PHP files, leading to remote code execution and full system compromise.
Mitigation
Update to the latest version in which the vulnerability is fixed.
Details
- CVE ID: CVE-2019-25630
- Severity: High
- CVSS Score: 8.8
- Type: unrestricted_file_upload
- Status: new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H