CVE-2022-36534

HIGH

Syncovery 8.00-9.48j - Authenticated Remote Code Execution via Job_ExecuteBefore/After Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-36534. PoCs published by Jan Rude, including Metasploit module exploits/unix/http/syncovery_linux_rce_2022_36534.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in Syncovery for Linux Web-GUI (CVE-2022-36534). It allows remote code execution as root by creating a malicious job profile that executes arbitrary commands before/after a profile run.

Description

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Jan Rude · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb

This Metasploit module exploits an authenticated command injection vulnerability in Syncovery for Linux Web-GUI (CVE-2022-36534). It allows remote code execution as root by creating a malicious job profile that executes arbitrary commands before/after a profile run.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Syncovery for Linux < 9.48j
Auth required
Prerequisites: Valid credentials or session token · Access to Syncovery Web-GUI
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.5424
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
syncovery/syncovery 8.00 - 9.48j
Published Sep 16, 2022
Tracked Since Feb 18, 2026