Home / Vulnerability Intelligence / CVE-2016-20034

CVE-2016-20034 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 16, 2026

Published: March 16, 2026Updated: March 16, 2026Remote Exploitable

Overview

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.

Severity & Score

Severity: High

CVSS Score: 8.8

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.php
https://www.exploit-db.com/exploits/40133
https://www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-edit

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2016-20034
Severity: High
CVSS Score: 8.8
Status: unconfirmed

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H