High severity · 8.8 · NVD Advisory · Published May 2, 2023 · Updated Jun 17, 2026
CVE-2022-47878
Description
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as the Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with version 22.3, and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.
Affected products (2)
- Jedox/Jedox (description)
References (3)
- packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html (NVD: Exploit, Third Party Advisory, VDB Entry)
- docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf (NVD: Exploit, Third Party Advisory)
- jedox.mantishub.io/app/issues/57238 (NVD)