Description
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.
Published: 2026-03-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An authenticated attacker can upload malicious PHP files through the image manager endpoint by bypassing the file extension check, then execute those files to run arbitrary system commands and establish a reverse shell. This allows the attacker to fully compromise the server that hosts PhreeBooks ERP.

Affected Systems

Phreesoft’s PhreeBooks ERP product, version 5.2.3, is impacted. No other versions are listed; an unaffected version is not indicated in the data.

Risk and Exploitability

The vulnerability carries a high CVSS score of 8.7, indicating a serious risk. The EPSS score is below 1 percent, suggesting low observed exploit activity to date. It is not listed in the CISA KEV catalog. Exploitation requires valid user credentials; the attacker must first authenticate to access the image manager. Once logged in, the attacker can upload and execute arbitrary PHP code, gaining remote code execution capabilities.

Generated by OpenCVE AI on March 25, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest PhreeBooks ERP release or apply any vendor‑supplied patch that addresses the image manager issue.
  • Verify that the image manager strictly validates uploaded file types and disallows execution of PHP or other executable scripts.
  • Configure the web server or use .htaccess rules to deny execution of uploaded files in the upload directory.
  • If an immediate upgrade is not possible, disable the image manager feature or restrict its use to trusted administrators until a patch is available.
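The second and third recommended actions describe what a hardened image-manager upload path looks like: an extension allowlist, content-based type checking that must agree with the claimed extension, random server-side file names, and an upload directory that is served as static content only. The following is an added illustration of that pattern written for this page; it is not PhreeBooks code and does not reproduce the vulnerable image manager. The allowlist, the size cap, the upload directory (/var/www/uploads) and the form field name ("image") are assumptions.

```php
<?php
// Added example (not PhreeBooks code): defensive image-upload validation of the
// kind the recommendations above call for. Paths, limits and the allowlist are
// assumptions chosen for illustration.
declare(strict_types=1);

final class ImageUploadValidator
{
    // Allowlist of extension => MIME type the content must actually have.
    // Anything not listed here is rejected; there is no denylist to bypass.
    private const ALLOWED = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'webp' => 'image/webp',
    ];

    private const MAX_BYTES = 5 * 1024 * 1024; // assumed size cap

    /**
     * Validate one entry from $_FILES. Returns the accepted extension, or throws
     * a RuntimeException stating why the upload was rejected.
     */
    public static function validate(array $file): string
    {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            throw new RuntimeException('upload failed or missing');
        }
        if (!is_uploaded_file($file['tmp_name'])) {
            throw new RuntimeException('not an uploaded file');
        }
        if (filesize($file['tmp_name']) > self::MAX_BYTES) {
            throw new RuntimeException('file too large');
        }

        // Only the final extension is considered, lower-cased, so a name like
        // "a.php.jpg" is judged as "jpg" and must then pass the content checks
        // as a JPEG. The client-supplied $file['type'] is deliberately ignored.
        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if (!isset(self::ALLOWED[$ext])) {
            throw new RuntimeException("extension not allowed: $ext");
        }

        // Sniff the MIME type from the file's magic bytes and require it to
        // match the type the extension claims.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($file['tmp_name']);
        if ($mime !== self::ALLOWED[$ext]) {
            throw new RuntimeException("content type $mime does not match .$ext");
        }

        // The data must also decode as an image, not merely carry an image header.
        if (@getimagesize($file['tmp_name']) === false) {
            throw new RuntimeException('not a decodable image');
        }
        return $ext;
    }

    /**
     * Store an accepted upload under a random name inside a directory that the
     * web server serves as static files only (assumed: /var/www/uploads, with
     * script execution disabled there by server configuration).
     */
    public static function store(array $file, string $uploadDir = '/var/www/uploads'): string
    {
        $ext  = self::validate($file);
        $name = bin2hex(random_bytes(16)) . '.' . $ext; // never reuse the client's name
        $dest = rtrim($uploadDir, '/') . '/' . $name;
        if (!move_uploaded_file($file['tmp_name'], $dest)) {
            throw new RuntimeException('could not move upload');
        }
        chmod($dest, 0644); // readable by the server, never executable
        return $dest;
    }
}

// Usage in an upload handler (assumed form field name "image"):
try {
    $stored = ImageUploadValidator::store($_FILES['image'] ?? []);
    echo "stored as " . basename($stored);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo $e->getMessage();
}
```

The validator is only half of the control: the upload directory must also be served without script execution, which is the third recommendation above. On Apache with mod_php, an .htaccess in that directory containing `php_flag engine off` together with `RemoveHandler .php .phtml .phar` prevents the interpreter from running anything stored there; on nginx the equivalent is simply never routing the upload location to the PHP-FPM upstream. Re-encoding accepted images with GD (for example `imagecreatefromjpeg` followed by `imagejpeg`) is a further hardening step that discards any payload hidden in metadata, at the cost of losing the original bytes.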

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 21:45:00 +0000
  Type: CPEs
  Values Added: cpe:2.3:a:phreesoft:phreebookserp:5.2.3:*:*:*:*:*:*:*

Wed, 25 Mar 2026 12:00:00 +0000
  Type: First Time appeared
  Values Added: Phreesoft; Phreesoft phreebookserp
  Type: Vendors & Products
  Values Added: Phreesoft; Phreesoft phreebookserp

Tue, 24 Mar 2026 16:15:00 +0000
  Type: Metrics
  Values Added: ssvc = {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000
  Type: Description
  Values Added: PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.
  Type: Title
  Values Added: PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
  Type: Weaknesses
  Values Added: CWE-434
  Type: References
  Values Added:
  Type: Metrics
  Values Added: cvssV3_1 = {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  Values Added: cvssV4_0 = {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Phreesoft Phreebookserp
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:11:57.011Z

Reserved: 2026-03-24T11:13:18.717Z

Link: CVE-2019-25647

Vulnrichment

Updated: 2026-03-24T14:08:27.110Z

NVD

Status : Analyzed

Published: 2026-03-24T12:16:07.400

Modified: 2026-03-25T21:43:22.270

Link: CVE-2019-25647

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:20:22Z

Weaknesses