CVE-2022-47875
Published: 2023-05-02

CVE-2022-47875: A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.

Priority: P2 (67) · Severity: high · CVSS 3.1 base score: 8.8 · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Flags: EXPLOIT
EPSS: 10.16% (95.1th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jedox | jedox | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to /be/erpc.php containing directory traversal sequences (e.g., '../') in the 'c' query parameter, which is the exploitation vector for RCE.
- Detect POST requests to /be/erpc.php with a 'c' parameter value containing path traversal patterns as an indicator of active exploitation attempts.
- Alert on HTTP responses from Jedox file upload endpoints (e.g., Designer Import) that return a JSON body containing 'fspath', as attackers use this to retrieve the server-side path of uploaded files prior to exploitation.
- Flag upload of PHP files through Jedox file upload mechanisms (e.g., Import in Designer), as this is a prerequisite step for achieving RCE via the directory traversal vulnerability.
- Exploitation requires the attacker to be authenticated AND have file upload permissions (e.g., Import in Designer). Unauthenticated users cannot directly exploit this vulnerability.
- Affected versions include Jedox 2022.4 (22.4.2) and older, as well as the specifically named Jedox 2020.2.5. Patch or upgrade beyond these versions to remediate.
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/172152/Jedox-2022.4.2-Directory-Traversal-Remote-Code-Execution.html
- https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf