PT-2017-17162 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo

Stick-U235 · Published 2017-05-01 · Updated 2024-02-14 · CVE-2017-6565

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Franklin Fueling Systems TS-550 evo version 2.3.0.7332

Description

The issue allows an attacker to upload malicious files to the server hosting the web service due to a lack of sanitization checks. This can be achieved by exploiting a specific weakness to obtain the roleDiag user credentials.

Recommendations

For Franklin Fueling Systems TS-550 evo version 2.3.0.7332, consider restricting file upload capabilities for the roleDiag user until a proper fix is implemented to sanitize uploaded files and prevent malicious payloads.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2017-6565

Affected Products

Franklin Fueling Systems Ts-550 Evo