CyberSec.Space Logo
Back to CVE Browser

CVE-2016-20052

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile3.66th
PublishedApr 4, 2026
Last ModifiedApr 14, 2026

Vulnerability Description

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

Affected Platforms (CPE)

📦
Snewscms

Snews

<= 1.7

References & Advisories

🔗 https://www.exploit-db.com/exploits/40706
🔗 https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files

Related Vulnerabilities

CVE-2007-026110.0

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform u...

CVE-2007-48419.3

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrar...

CVE-2006-07167.5

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) catego...

CVE-2005-38537.5

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via th...