Snewscms

snewscms

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-20052 1Snewscms 1Snews Apr 14, 2026 Apr 4, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP...Show more Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.Show less
CVE-2016-20051 1Snewscms 1Snews Apr 14, 2026 Apr 4, 2026 6.9 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated admin...Show more Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.Show less
CVE-2011-2706 1Snewscms 1Snews Nov 21, 2024 Jan 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
CVE-2007-5303 1Snewscms 1Snewscms Rus Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.