In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

Related CVEs

CVE-2023-1109

Key Information

GHSA ID

GHSA-w923-8w64-f5gh

Published

April 17, 2023 9:30 AM

Last Modified

April 17, 2023 9:30 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.