CVE-2022-47875
HIGH
Jedox Cloud - Authenticated Path Traversal and Remote Code Execution via /be/erpc.php
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-47875. PoCs published by Team Syslifters.
AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in Jedox 2022.4.2 via /be/erpc.php to achieve remote code execution. The attacker must first upload a malicious PHP file and then access it through path traversal.
Description
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.
Exploits (1)
exploitdb
WORKING POC
by Team Syslifters · text · webapps · php
https://www.exploit-db.com/exploits/51424
Classification
Working Poc 90%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target:
Jedox 2022.4 (22.4.2) and older
Auth required
Prerequisites:
Authenticated access · Permission to upload files
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/172152/Jedox-2022.4.2-Directory-Traversal-Remote-Code-Execution.html
Exploit, Third Party Advisory
https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
Scores
CVSS v3
8.8
EPSS
0.1016
EPSS Percentile
95.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (2)
jedox/cloud
jedox/jedox
2020.2.5
Published
May 02, 2023
Tracked Since
Feb 18, 2026