PT-2026-27364 · Unknown · Phreebookserp

Abdullah Çelebi · Published 2026-03-24 · Updated 2026-03-24 · CVE-2019-25630

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PhreeBooks ERP version 5.2.3

Description

The software contains a flaw in the Image Manager component that allows authenticated attackers to upload malicious files. Attackers can submit requests to the image upload endpoint, specifically uploading PHP files through the imgFile parameter to the "bizuno/image/manager" endpoint. These uploaded files can then be executed via the "bizunoFS.php" script, leading to remote code execution.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

Unrestricted File Upload

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-25630

Affected Products

Phreebookserp