Kr0Ff

**Name of the Vulnerable Software and Affected Versions** PhreeBooks version 5.2.3 **Description** PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to remote code execution on the server. The vulnerable component is the Image Manager. The attack involves uploading a malicious PHP web shell. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.