CVE-2017-6564

2017-05-01T19:59:00
ID CVE-2017-6564
Type cve
Reporter cve@mitre.org
Modified 2019-10-03T00:03:00

Description

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.