CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-20052

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile3.66th
Published2026年4月4日
Last Modified2026年4月14日

Vulnerability Description

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

Affected Platforms (CPE)

📦
Snewscms

Snews

<= 1.7

References & Advisories

🔗 https://www.exploit-db.com/exploits/40706
🔗 https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files

相關漏洞威脅

CVE-2007-026110.0

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform u...

CVE-2007-48419.3

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrar...

CVE-2006-07167.5

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) catego...

CVE-2005-38537.5

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via th...