CVE-2019-25647

HIGH

PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25647. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary This exploit demonstrates a remote command execution vulnerability in PhreeBooks ERP 5.2.3 by uploading a malicious PHP file through the Image Manager due to lack of file extension controls. It authenticates, uploads a reverse shell payload, and executes it to establish a connection to an attacker-controlled server.

Description

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.

Exploits (1)

exploitdb WORKING POC

by Metin Yunus Kandemir · pythonremotepython

https://www.exploit-db.com/exploits/46645

View Code ZIP pw:eip

This exploit demonstrates a remote command execution vulnerability in PhreeBooks ERP 5.2.3 by uploading a malicious PHP file through the Image Manager due to lack of file extension controls. It authenticates, uploads a reverse shell payload, and executes it to establish a connection to an attacker-controlled server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PhreeBooks ERP v5.2.3

Auth required

Prerequisites: valid credentials for PhreeBooks ERP · network access to the target · listener set up on attacker's machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46645

https://www.exploit-db.com/exploits/46645

Product product

Official Product Homepage

https://www.phreesoft.com/

Product product

Product Reference

https://sourceforge.net/projects/phreebooks/

Third Party Advisory third-party-advisory

VulnCheck Advisory: PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

https://www.vulncheck.com/advisories/phreebooks-erp-remote-code-execution-via-image-manager

Scores

CVSS v3 8.8

EPSS 0.0080

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

Phreesoft/PhreeBooks ERP 5.2.3

phreesoft/phreebookserp 5.2.3

Published Mar 24, 2026

Tracked Since Mar 24, 2026