Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover

Posted by deepcore on August 22, 2020 – 6:23 am

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL