CVE-2022-47878

HIGH

Jedox - Unrestricted File Upload

Title source: rule

Description

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.

Exploits (1)

exploitdb WRITEUP
by Team Syslifters · textwebappsphp
https://www.exploit-db.com/exploits/51426

References (3)

Scores

CVSS v3 8.8
EPSS 0.2541
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
jedox/jedox 2020.2.5
Published May 02, 2023
Tracked Since Feb 18, 2026