CVE-2023-36255

Name of the Vulnerable Software and Affected Versions Eramba versions 3.19.1

Description The issue allows a remote attacker to execute arbitrary code via the path parameter in the URL. This can be exploited by manipulating the URL to inject malicious code.

Recommendations For version 3.19.1, as a temporary workaround, consider restricting access to the vulnerable URL endpoint until a patch is available. Avoid using the path parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.