FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation

The application suffers from a privilege escalation vulnerability. A normal user (group USER, 0) can elevate her privileges by sending a HTTP POST request and setting the JSON parameter ‘privilege’ to integer value ‘1’ gaining administrative rights (group ADMINISTRATOR, 1).