Arbitrary Code Execution via Default-Storage-Path in Jedox 2020.2.5

Arbitrary Code Execution via Default-Storage-Path in Jedox 2020.2.5

CVE-2022-47878 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.

Learn more about our Web App Pen Testing.