The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter ‘accessLevel’ to ‘admin’ gaining admin rights and/or setting the parameter ‘advUser’ to ‘true’ and ‘_advUser’ to ‘on’ gaining advanced admin rights. Version 4.5.0 build 18676 is affected.