Lucene search
Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron MolnarPACKETSTORM:172152HistoryMay 05, 2023 - 12:00 a.m.
Jedox 2022.4.2 Directory Traversal / Remote Code Execution
2023-05-0500:00:00
Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar
packetstormsecurity.com
172
jedox 2022.4.2
directory traversal
remote code execution
cve-2022-47875
exploit
authentication
file upload
json response
exploitation method
0.02 Low
EPSS
Percentile
88.9%
`# Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47875
Introduction
=================
A Directory Traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code. To exploit the vulnerability, the attacker must have the permissions to upload files.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) This vulnerability can be exploited by first uploading a file using one of the existing file upload mechanisms (e.g. Import in Designer). When uploading a file, the web application returns the file system path in the JSON body of the HTTP response (look for `fspath`).
2) Upload a PHP file and note the file system path (`fspath`)
3) Get RCE via Directory Traversal
PATH: /be/erpc.php?c=../../../../../fspath/of/uploaded/file/rce.php
METHOD: POST
`
Related
cve
cve
CVE-2022-47875
2023-05-02 20:15:10
nvd
nvd
CVE-2022-47875
2023-05-02 20:15:10
zdt
zdt
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Vulnerability
2023-05-05 00:00:00
cvelist
cvelist
CVE-2022-47875
2023-05-02 00:00:00
prion
prion
Directory traversal
2023-05-02 20:15:00
exploitdb
exploitdb
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
2023-05-05 00:00:00