2 matches found
Argument Injection
Overview Affected versions of this package are vulnerable to Argument Injection via the FFmpeg codec. An attacker in possession of a valid itemId can execute arbitrary code by injecting unsanitized parameters at the /Videos//stream or /Videos//stream. endpoints. Remediation Upgrade...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the ValidateVersion function. An attacker with administrative access can set up a network share and supply a UNC path to the /System/MediaEncoder/Path endpoint, which points to an executable on the network...