CVE-2016-20052

CRITICAL 9.8

Snews CMS 1.7 Unrestricted File Upload via snews_files

CVSS Score

9.8

EPSS Score

0.2%

EPSS Percentile

42th

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

CWE	CWE-434
Vendor	snewscms
Product	snews cms upload sheller
Published	Apr 4, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for snewscms snews cms upload sheller

Be the first to know when new critical vulnerabilities affecting snewscms snews cms upload sheller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Snewscms / Snews CMS upload sheller

1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/40706 vulncheck.com: https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files

Credits

Ashiyane Digital Security Team