Snews

snews

Vendor: Snewscms • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-20052 1Snewscms 1Snews Apr 14, 2026 Apr 4, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP...Show more Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.Show less
CVE-2016-20051 1Snewscms 1Snews Apr 14, 2026 Apr 4, 2026 6.9 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated admin...Show more Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.Show less
CVE-2011-2706 1Snewscms 1Snews Nov 21, 2024 Jan 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.