CVE-2023-36255
HIGHEramba Limited <3.19.1 - RCE
Title source: llmDescription
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Trovent Security GmbH, Sergey Makarov, Stefan Pietsch, Niklas Rubel, msutovsky-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eramba_rce.rb
Scores
CVSS v3
8.8
EPSS
0.8770
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
eramba/eramba
3.19.1
Published
Aug 03, 2023
Tracked Since
Feb 18, 2026