Snewscms Snews vulnerabilities
3 known vulnerabilities affecting snewscms/snews.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2016-20052P2CRITICALCVSS 9.8≤ 1.72026-04-04
CVE-2016-20052 [CRITICAL] CWE-434 CVE-2016-20052: Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attacke
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code
nvd
CVE-2011-2706P4MEDIUMCVSS 6.1≤ 1.7.12020-01-14
CVE-2011-2706 [MEDIUM] CWE-79 CVE-2011-2706: A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
nvd
CVE-2016-20051P4MEDIUMCVSS 4.3≤ 1.72026-04-04
CVE-2016-20051 [MEDIUM] CWE-352 CVE-2016-20051: Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change ad
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin user
nvd