CVE-2016-20035

Medium CVSS: 6.9

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.

Vendor

Wowza

Product

Streaming Engine

CWE

CWE-352

Yayın Tarihi

2026-03-16 14:17:50

Güncelleme

2026-03-19 14:17:08

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Streaming Engine MEDIUM Wowza 2026

Referanslar

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5341.php https://www.exploit-db.com/exploits/40134 https://www.vulncheck.com/advisories/wowza-streaming-engine-csrf-via-user-edit-endpoint

Benzer Kayıtlar

High

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to esca…

High

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to…

Medium

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager inter…