CVE-2016-20052 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 4, 2026
Snews CMS - Unrestricted File Upload
Published: April 4, 2026 | Updated: April 4, 2026 | Remote Exploitable
Overview
Snews CMS 1.7 contains an unrestricted file upload vulnerability caused by a lack of upload restrictions in the multipart form-data endpoint. An attacker can upload and execute arbitrary PHP files; exploitation requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can upload and execute arbitrary PHP files, leading to full remote code execution on the server.
Mitigation
Update to the latest version with upload restrictions or apply patches to restrict file uploads.
Details
- CVE ID: CVE-2016-20052
- Severity: Critical
- CVSS Score: 9.8
- Type: unrestricted_file_upload
- Status: new
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H