Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Wowza |
|
No data.
No data.
No data.
References
History
Sun, 15 Mar 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials. | |
| Title | Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint | |
| First Time appeared |
Wowza
Wowza streaming Engine |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:* | |
| Vendors & Products |
Wowza
Wowza streaming Engine |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-03-15T18:34:22.874Z
Reserved: 2026-03-15T18:22:19.349Z
Link: CVE-2016-20035
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.