CVE-2022-47878: Input Validation
First published: Tue May 02 2023(Updated: )
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.
Credit: Team Syslifters cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jedox Jedox | =2020.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-47878?
CVE-2022-47878 is a vulnerability that allows remote authenticated users to specify the location as Webroot directory in the default-storage-path on the settings page in Jedox 2020.2.5, leading to the execution of arbitrary code.
What is the severity of CVE-2022-47878?
CVE-2022-47878 has a severity value of 8.8, which is classified as high.
How does CVE-2022-47878 affect Jedox?
CVE-2022-47878 affects Jedox version 2020.2.5.
How can CVE-2022-47878 be exploited?
CVE-2022-47878 can be exploited by remote authenticated users who can specify the location as Webroot directory in the default-storage-path.
Is there a fix for CVE-2022-47878?
To fix CVE-2022-47878, it is recommended to upgrade to a version of Jedox that is not affected by this vulnerability.
- collector/nvd-latest
- exploited/true
- collector/exploitdb-recent
- alias/CVE-2022-47878
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jedox
- canonical/jedox jedox
- version/jedox jedox/2020.2.5