PT-2017-17161 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo

Stick-U235 · Published 2017-05-01 · Updated 2024-02-14 · CVE-2017-6564

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 evo version 2.3.0.7332

Description: The issue allows an attacker with the lowest privileges, as the Guest user, to download sensitive system files from the host machine. This is achieved by posting to the idSourceFileName parameter within the "/download" directory. The accessible files can include databases containing information useful for further attacks.

Recommendations: For Franklin Fueling Systems TS-550 evo version 2.3.0.7332, consider restricting access to the /download directory to prevent unauthorized file downloads. Additionally, limit the ability of the Guest user to post to the idSourceFileName parameter to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2017-6564

Affected Products

Franklin Fueling Systems Ts-550 Evo