cve/CVE-2020-12517.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

CVE-2020-12517

![](https://img.shields.io/static/v1?label=Product&message=RFC%204072S%20(1051328&color=blue)

Description

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

POC

Reference

https://cert.vde.com/en-us/advisories/vde-2020-049
https://cert.vde.com/en-us/advisories/vde-2020-049

Github

No PoCs found on GitHub currently.

1.3 KiB Raw Blame History

CVE-2020-12517

Description

POC

Reference

Github

1.3 KiB

Raw Blame History