CVE-2016-20034

High CVSS: 8.7

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.

Vendor

Wowza

Product

Streaming Engine

CWE

CWE-352

Yayın Tarihi

2026-03-16 14:17:50

Güncelleme

2026-03-19 14:16:48

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Streaming Engine HIGH Wowza 2026

Referanslar

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php https://www.exploit-db.com/exploits/40133 https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit

Benzer Kayıtlar

High

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to esca…

Medium

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform admini…

Medium

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager inter…