Vulnerability — CVE-2022-47878

CVE-2022-47878

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-47878
Description:: Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.
Last updated date:: 05/10/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2023
Reference url to background: http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2023
Reference url to background: https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf