CVE-2022-47878 Information

Description

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.

Reference

https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf