CVE-2016-20034

HIGH

Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Title source: cna

Description

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappsmultiple

https://www.exploit-db.com/exploits/40133

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/40133

[Vendor Advisory] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php

[Third Party Advisory] https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (2)

wowza/streaming_engine 4.5.0

Wowza Media Systems, LLC./Wowza Streaming Engine 4.5.0

Published Mar 16, 2026

Tracked Since Mar 16, 2026