CVE-2016-20052

CRITICAL

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/4/2026Modified: 4/4/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2016-20052 — Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows una...

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

CVE-2016-20052
NIST NVD

References (2)

https://www.exploit-db.com/exploits/40706https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files