CVE-2021-47904

HIGH

PhreeBooks 5.2.3 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-47904. PoCs published by Kr0ff, Metin Yunus Kandemir.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote code execution vulnerability in PhreeBooks 5.2.3 via unrestricted file upload in the 'Image Manager' section. It uploads a PHP web shell to execute arbitrary commands on the target system.

Description

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

Exploits (2)

exploitdb WORKING POC

by Kr0ff · pythonwebappsphp

https://www.exploit-db.com/exploits/49524

View Code ZIP pw:eip

This exploit demonstrates an authenticated remote code execution vulnerability in PhreeBooks 5.2.3 via unrestricted file upload in the 'Image Manager' section. It uploads a PHP web shell to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PhreeBooks 5.2.3

Auth required

Prerequisites: Valid credentials for PhreeBooks · Access to the 'Image Manager' section

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Metin Yunus Kandemir · pythonremotepython

https://www.exploit-db.com/exploits/46645

View Code ZIP pw:eip

This exploit demonstrates a remote command execution vulnerability in PhreeBooks ERP 5.2.3 by uploading a malicious PHP file through the Image Manager due to lack of file extension controls. It authenticates, uploads a reverse shell payload, and executes it to establish a connection to an attacker-controlled server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PhreeBooks ERP v5.2.3

Auth required

Prerequisites: Valid user credentials · Network access to the target · Listener set up on attacker's machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/49524

Various Sources product

https://www.phreesoft.com/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46645

Various Sources product

https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/phreebooks-remote-code-execution

Scores

CVSS v3 8.8

EPSS 0.0061

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

Phreesoft/PhreeBooks 5.2.3

Published Jan 23, 2026

Tracked Since Feb 18, 2026