Eramba · Eramba · CVE-2023-36255
**Name of the Vulnerable Software and Affected Versions**
Eramba versions 3.19.1
**Description**
The issue allows a remote attacker to execute arbitrary code via the `path` parameter in the URL. This can be exploited by manipulating the URL to inject malicious code.
**Recommendations**
For version 3.19.1, as a temporary workaround, consider restricting access to the vulnerable URL endpoint until a patch is available. Avoid using the `path` parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.