cbcvebase.
CVE-2022-47875
published 2023-05-02

CVE-2022-47875: A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.

Priority: P2 67 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 10.16% (percentile 95.1)
Affected (1 range)

Vendor: jedox
Product: jedox
Version range: not specified
Fixed in: not specified

Detection & IOCs (extracted from sources)

path: /be/erpc.php
url: /be/erpc.php?c=../../../../../fspath/of/uploaded/file/rce.php
  • Monitor HTTP requests to /be/erpc.php containing directory traversal sequences (e.g., '../') in the 'c' query parameter, which is the exploitation vector for RCE.
  • Detect POST requests to /be/erpc.php with a 'c' parameter value containing path traversal patterns as an indicator of active exploitation attempts.
  • Alert on HTTP responses from Jedox file upload endpoints (e.g., Designer Import) that return a JSON body containing 'fspath', as attackers use this to retrieve the server-side path of uploaded files prior to exploitation.
  • Flag upload of PHP files through Jedox file upload mechanisms (e.g., Import in Designer), as this is a prerequisite step for achieving RCE via the directory traversal vulnerability.
  • Exploitation requires the attacker to be authenticated AND have file upload permissions (e.g., Import in Designer). Unauthenticated users cannot directly exploit this vulnerability.
  • Affected versions include Jedox 2022.4 (22.4.2) and older, as well as the specifically named Jedox 2020.2.5. Patch or upgrade beyond these versions to remediate.