CVE-2016-20051

MEDIUM 5.3

Snews CMS 1.7 Cross-Site Request Forgery via changeup

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

4th

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

CWE	CWE-352
Vendor	snewscms
Product	snews cms cross site request forgery
Published	Apr 4, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for snewscms snews cms cross site request forgery

Be the first to know when new medium vulnerabilities affecting snewscms snews cms cross site request forgery are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

Snewscms / Snews CMS Cross Site Request Forgery

1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/40705 vulncheck.com: https://www.vulncheck.com/advisories/snews-cms-cross-site-request-forgery-via-changeup

Credits

Ashiyane Digital Security Team