An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote malicious user to execute arbitrary code via the path parameter in the URL.
eramba eramba 3.19.1