# Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal  
# Date: 28/04/2023  
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL  
# Vendor Homepage:  
# Version: Jedox 2022.4 (22.4.2) and older  
# CVE : CVE-2022-47875  
A Directory Traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code. To exploit the vulnerability, the attacker must have the permissions to upload files.  
See [Docs Syslifters]( for a detailed write-up on how to exploit vulnerability.  
Proof of Concept  
1) This vulnerability can be exploited by first uploading a file using one of the existing file upload mechanisms (e.g. Import in Designer). When uploading a file, the web application returns the file system path in the JSON body of the HTTP response (look for `fspath`).  
2) Upload a PHP file and note the file system path (`fspath`)  
3) Get RCE via Directory Traversal  
PATH: /be/erpc.php?c=../../../../../fspath/of/uploaded/file/rce.php