Executive Summary

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

Why It Matters

CVE-2016-20052 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

EPSS (Exploit Prediction): 0.3% probability of exploitation in the next 30 days.

Affected Technologies

Vendors: snewscms

Products: snews

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-2016-20052.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-2016-20052 and similar vulnerabilities.

References & Sources

https://www.exploit-db.com/exploits/40706

https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

snews

Sources

NVD / NIST

criticalrce

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-2016-20052 — snewscms — snews