A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine up to and including 4.8.11+5 allows a remote malicious user to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wowza streaming engine |