3 matches found
CVE-2017-5990
PhreeBooksERP (pre-2017-02-13) both ShippingMethods/ups/label_mgr/js_include.php and ShippingMethods/yrc/label_mgr/js_include.php suffer from insufficient filtration of user-supplied data in the form GET parameter. This allows an attacker to trigger arbitrary HTML/JavaScript in a victim’s browser...
CVE-2019-25630
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager. Authenticated attackers can upload PHP files via the imgFile parameter to bizuno/image/manager and trigger remote code execution through bizunoFS.php. This is a network-accessible issue with high impact on ...
CVE-2019-25647
CVE-2019-25647 affects PhreeBooks ERP 5.2.3. A remote code execution vulnerability exists in the image manager that lets an authenticated attacker upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can place malicious PHP files via the image manager endpoint an...