CVE-2022-47879

HIGH

Jedox <= 22.5 - Authenticated Remote Code Execution via /be/rpc.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-47879. PoCs published by Team Syslifters.

AI-analyzed exploit summary This exploit demonstrates multiple RPC-based attacks in Jedox 2022.4.2, including credential theft, SSRF, and configuration leaks via exposed PHP methods. It requires authentication and leverages specific functions like `Studio::getUserCreds` and `conn::test_palo`.

Description

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected.

Exploits (1)

exploitdb WORKING POC
by Team Syslifters · textwebappsphp
https://www.exploit-db.com/exploits/51423

This exploit demonstrates multiple RPC-based attacks in Jedox 2022.4.2, including credential theft, SSRF, and configuration leaks via exposed PHP methods. It requires authentication and leverages specific functions like `Studio::getUserCreds` and `conn::test_palo`.

Classification
Working Poc 90%
Attack Type
Info Leak | Ssrf | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Jedox 2022.4 (22.4.2) and older
Auth required
Prerequisites: Valid authenticated session · Knowledge of target RPC methods
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.5
EPSS 0.0674
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (2)
jedox/jedox 2020.2.5
jedox/jedox_cloud
Published May 12, 2023
Tracked Since Feb 18, 2026