Franklin Fueling Systems · Franklin Fueling Systems TS-550 evo · CVE-2017-6564
**Name of the Vulnerable Software and Affected Versions**
Franklin Fueling Systems TS-550 evo version 2.3.0.7332
**Description**
The issue allows an attacker with the lowest privileges, the Guest user, to download sensitive system files from the host machine. This is done by sending a POST request with the `idSourceFileName` parameter to the `/download` directory. The accessible files can include databases containing information useful for further attacks.
**Recommendations**
For Franklin Fueling Systems TS-550 evo version 2.3.0.7332, consider restricting access to the `/download` directory to prevent unauthorized file downloads. Additionally, limit the ability of the Guest user to post to the `idSourceFileName` parameter to minimize the risk of exploitation.
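A server-side check along the lines of these recommendations, as an added example that is not code from the vendor or from the advisory: it refuses `/download` requests from the Guest role and, going one step beyond the text, confines `idSourceFileName` to a single export directory and an extension allowlist. The role names, directory, extensions and function names are assumptions made for illustration; the advisory does not describe how the device resolves the file name.

```python
import os

# Assumptions (not from the advisory): the role names, export directory and
# allowed extensions below are hypothetical values chosen for illustration.
EXPORT_ROOT = "/var/exports"                   # hypothetical report directory
ALLOWED_ROLES = {"Administrator", "Operator"}  # hypothetical; Guest is absent
ALLOWED_EXTENSIONS = {".csv", ".txt"}          # hypothetical report formats


class DownloadDenied(Exception):
    """Raised when a /download request must be rejected."""


def authorize_download(role, id_source_file_name, export_root=EXPORT_ROOT):
    """Return the absolute path to serve, or raise DownloadDenied.

    role                -- role of the authenticated session, e.g. "Guest"
    id_source_file_name -- raw value of the idSourceFileName POST parameter
    """
    # 1. Role gate: the lowest-privileged account never reaches the file system.
    if role not in ALLOWED_ROLES:
        raise DownloadDenied("role %r may not use /download" % role)

    # 2. Reject empty values and NUL bytes before calling any path API.
    if not id_source_file_name or "\x00" in id_source_file_name:
        raise DownloadDenied("malformed idSourceFileName")

    # 3. Confine the request to export_root. realpath() collapses ".." and
    #    follows symlinks, so the comparison is made on the final target.
    root = os.path.realpath(export_root)
    target = os.path.realpath(os.path.join(root, id_source_file_name))
    if target == root or os.path.commonpath([root, target]) != root:
        raise DownloadDenied("path outside export directory")

    # 4. Extension allowlist keeps databases and configuration files out of
    #    reach even when they sit inside the export directory.
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXTENSIONS:
        raise DownloadDenied("file type not downloadable")

    return target
```

The check belongs in the request handler itself, so that it still applies if a front-end access rule for `/download` is bypassed or misconfigured.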