CVE-2023-36255

HIGH

eramba 3.19.1 - Remote Code Execution via Path Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36255. PoCs published by Trovent Security GmbH, Sergey Makarov, Stefan Pietsch, Niklas Rubel, msutovsky-r7, including Metasploit module exploits/linux/http/eramba_rce.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated RCE vulnerability in Eramba (up to 3.19.1) by abusing the 'path' parameter in the 'download-test-pdf' endpoint when debug mode is enabled. It authenticates, retrieves CSRF tokens, and executes arbitrary commands via the payload.

Description

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.

Exploits (1)

Metasploit · Working PoC · Excellent
by Trovent Security GmbH, Sergey Makarov, Stefan Pietsch, Niklas Rubel, msutovsky-r7 · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eramba_rce.rb

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Eramba (up to 3.19.1)
Auth required
Prerequisites: Valid credentials · Debug mode enabled · Access to the login page
devstral-2 · analyzed Feb 16, 2026

References (4)

Scores

CVSS v3 8.8
EPSS 0.5736
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
eramba/eramba 3.19.1
Published Aug 03, 2023
Tracked Since Feb 18, 2026