CVE-2016-20034

🗓️ 15 Mar 2026 18:34:22Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 13 Views🌐 WEB

Wowza 4.5.0 lets authenticated read-only users escalate to admin via user edit POST with accessLevel admin and advUser.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2016-20034	15 Mar 202618:34	–	attackerkb
Circl	CVE-2016-20034	19 Mar 202616:20	–	circl
CNNVD	Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞	16 Mar 202600:00	–	cnnvd
Cvelist	CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit	15 Mar 202618:34	–	cvelist
EUVD	EUVD-2016-10823	16 Mar 202615:30	–	euvd
NVD	CVE-2016-20034	16 Mar 202614:17	–	nvd
OpenVAS	Wowza Streaming Engine Multiple Vulnerabilities	7 Sep 201600:00	–	openvas
Positive Technologies	PT-2026-25732	16 Mar 202600:00	–	ptsecurity
Vulnrichment	CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit	15 Mar 202618:34	–	vulnrichment
Zero Science Lab	Wowza Streaming Engine 4.5.0 Remote Privilege Escalation Exploit	19 Jul 201600:00	–	zeroscience

NVD

Vulners

CNA

Node

wowza streaming_engineMatch4.5.0

[
  {
    "vendor": "Wowza Media Systems, LLC.",
    "product": "Wowza Streaming Engine",
    "versions": [
      {
        "version": "4.5.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php
exploit-db	www.exploit-db.com/exploits/40133
vulncheck	www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit

Parameter	Position	Path	Description	CWE
version	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
action	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
userName	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
userPassword	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
userPassword2	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
accessLevel	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
advUser	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
_advUser	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352
ignoreWarnings	request body	/enginemanager/server/user/edit.htm	Privilege escalation via POST parameters to set accessLevel=admin and advUser/_advUser to gain admin/advanced admin rights	CWE-352

17 Jun 2026 00:43Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18 - 8.8

CVSS 48.7

EPSS0.00209

SSVC

CWE-352