Wowza Streaming Engine 4.5.0 Remote Privilege Escalation
Posted by deepcore on July 21, 2016 – 4:44 am
The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter ‘accessLevel’ to ‘admin’ gaining admin rights and/or setting the parameter ‘advUser’ to ‘true’ and ‘_advUser’ to ‘on’ gaining advanced admin rights. Version 4.5.0 build 18676 is affected.
Post a reply
You must be logged in to post a comment.