{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T18:27:36.467","vulnerabilities":[{"cve":{"id":"CVE-2021-47904","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-01-23T17:16:03.990","lastModified":"2026-06-17T04:18:43.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server."},{"lang":"es","value":"PhreeBooks 5.2.3 contiene una vulnerabilidad de carga de archivos autenticada en el Gestor de Imágenes que permite la ejecución remota de código. Los atacantes pueden cargar una shell web PHP maliciosa explotando las cargas de tipos de archivo sin restricciones para obtener ejecución de comandos en el servidor."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Phreesoft","product":"PhreeBooks","versions":[{"version":"5.2.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-23T20:55:58.124127Z","id":"CVE-2021-47904","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46645","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/49524","source":"disclosure@vulncheck.com"},{"url":"https://www.phreesoft.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phreebooks-remote-code-execution","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/49524","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}