What is the CVSS score of CVE-2021-47904?

CVE-2021-47904 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of PHP are affected by CVE-2021-47904?

PhreeBooks 5.2.3 deployments face a critical remote code execution risk through authenticated file uploads, allowing attackers to execute arbitrary commands on affected servers.

Is there a public PoC exploit available for CVE-2021-47904?

Yes, a public proof-of-concept exploit is available for CVE-2021-47904. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2021-47904?

Within 24 hours: Audit all PhreeBooks 5.2.3 instances in your environment and restrict network access to the Image Manager feature or disable it entirely if not in active use. Within 7 days: Implement strict file upload validation controls (whitelist only image MIME types, disable PHP execution in upload directories, enforce file extension restrictions) and deploy WAF rules to block suspicious upload patterns. Within 30 days: Plan and execute an emergency upgrade to a patched PhreeBooks version or migrate to an alternative accounting platform if no patch timeline is provided by the vendor.

PHP CVE-2021-47904

HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-01-23 disclosure@vulncheck.com

PHP RCE

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 26, 2026 - 15:03 vuln.today

Public exploit code

CVE Published

Jan 23, 2026 - 17:16 nvd

HIGH 8.8

DescriptionCVE.org

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

AnalysisAI

Technical ContextAI

Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Affects Image Manager. PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

Affected ProductsAI

Product: Image Manager.

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.