CVE-2016-20052
Published: 04 April 2026
Description
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files, including PHP executables, to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: timely identification, reporting, and correction of the software flaw that enables the unrestricted upload and the resulting RCE.
- Input validation: validation of uploaded files so that dangerous types such as PHP executables are rejected, which directly prevents exploitation of the unrestricted upload.
- Access enforcement: access control on the multipart form-data upload endpoint so that unauthenticated clients cannot upload files at all.
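The second control above (validate what is uploaded) is what a fixed upload handler has to implement. The following is an added example, not Snews CMS's own code, written in Python as a language-neutral model of the validation logic; the allowed types, size limit and extension list are assumptions for the example. It allow-lists extensions, checks content against the claimed type, refuses executable extensions anywhere in the name (double extensions, .phtml, .php5) and replaces the client's filename with a server-chosen random one.

```python
import os
import re
import secrets

# Constructed policy for this example (assumption, not Snews's real rules):
# the upload feature is assumed to need only images, PDFs and plain text.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Leading bytes expected for each allowed binary type; text is checked separately.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Anything a PHP-capable web server might hand to an interpreter. The pattern
# looks for the extension anywhere in the name, so double extensions such as
# shell.php.jpg are refused too.
EXECUTABLE = re.compile(r"\.(php\d*|phtml|phar|pht|phps|cgi|pl|py|sh)(\.|$)", re.IGNORECASE)


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says why."""


def validate_upload(filename: str, content: bytes, max_bytes: int = 5_000_000) -> str:
    """Validate a multipart upload and return a safe, server-chosen storage name.

    Raises UploadRejected on any failed check. The returned name keeps only the
    allow-listed extension and never reuses the client-supplied name.
    """
    # Step 1: drop directory components (../../index.php) and NUL bytes from the name.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith(".") or "\x00" in base:
        raise UploadRejected("empty, hidden or NUL-containing filename")

    # Step 2: refuse executable extensions anywhere in the name (cmd.php, cmd.php5, cmd.php.jpg).
    if EXECUTABLE.search(base):
        raise UploadRejected(f"executable extension in {base!r}")

    # Step 3: allow-list the final extension instead of block-listing bad ones.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not allowed")

    if len(content) > max_bytes:
        raise UploadRejected("upload exceeds size limit")

    # Step 4: the content must look like the claimed type, so a PHP script
    # renamed to photo.jpg is refused even though its extension is allowed.
    magic = MAGIC.get(ext)
    if magic is not None:
        if not content.startswith(magic):
            raise UploadRejected(f"content does not match {ext}")
    else:
        try:
            text = content.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("text upload is not valid UTF-8") from None
        if "<?" in text:  # PHP open tag, including short tags
            raise UploadRejected("PHP open tag in text upload")

    # Step 5: server-chosen random name; the client never controls the stored path.
    return f"{secrets.token_hex(16)}.{ext}"


def upload_allowed(filename: str, content: bytes) -> bool:
    """True if validate_upload would accept the file, False if it would reject it."""
    try:
        validate_upload(filename, content)
    except UploadRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample uploads: the classic web-shell payload and its usual variants.
    samples = [
        ("cmd.php", b"<?php system($_GET['c']); ?>"),
        ("cmd.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("../../index.php", b"<?php echo 1; ?>"),
        ("photo.jpg", b"<?php system($_GET['c']); ?>"),
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("notes.txt", b"plain text is fine"),
    ]
    for name, data in samples:
        try:
            print(f"{name:18} -> stored as {validate_upload(name, data)}")
        except UploadRejected as err:
            print(f"{name:18} -> rejected: {err}")
```

Two caveats a practitioner should keep in mind. The validator says nothing about who is uploading; the third control (an authenticated session check in front of the endpoint) is separate. And a polyglot such as a GIF header followed by PHP code passes the magic-byte check; the rename to an allow-listed extension stops a default handler from executing it as PHP, but the durable fix for a directory like snews_files is a web server rule that never executes scripts stored there.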
Security Summary
CVE-2016-20052 is an unrestricted file upload vulnerability in Snews CMS version 1.7. The flaw resides in the file upload functionality, which allows attackers to upload arbitrary files, including PHP executables, to the snews_files directory via a multipart form-data upload endpoint. This issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), denoting critical severity.
Unauthenticated attackers can exploit the vulnerability over the network with low complexity and no user interaction required. By uploading a malicious PHP file through the exposed endpoint, they gain the ability to execute arbitrary code by directly accessing the uploaded file's path in the snews_files directory, resulting in remote code execution on the server.
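The chain described above (a multipart POST, then a request for the uploaded path under snews_files) leaves a recognisable trace in ordinary web server access logs. Below is an added detection example, not part of the advisory or the Exploit-DB entry, in Python over Apache/nginx combined-format lines. The sample lines are constructed, and the upload endpoint path in them is a placeholder because the advisory does not give it, so the correlation rule keys on any POST from the same client.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# A request for an interpretable file under snews_files. The advisory names
# .php; .phtml/.phar and the double-extension case (x.php.jpg) are added as
# the usual bypass variants (assumption). Legitimate uploads never match this.
EXEC_IN_UPLOAD_DIR = re.compile(r"/snews_files/[^?]*\.(php\d*|phtml|phar)(\b|$)", re.IGNORECASE)

# How long after a POST (the multipart upload) a hit on the uploaded file is
# still correlated with it. Tuning assumption.
UPLOAD_WINDOW = timedelta(minutes=10)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect(lines, window: timedelta = UPLOAD_WINDOW):
    """Run two rules over access-log lines and return the findings in log order.

    exec_in_upload_dir  : any request for an executable file under snews_files
                          (a 200 means the web shell exists and ran; a 404 is a probe).
    upload_then_execute : such a request from a client that sent a POST (the
                          upload) within `window` beforehand, i.e. the full chain.
    """
    findings = []
    last_post = {}  # client ip -> timestamp of its most recent POST
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if EXEC_IN_UPLOAD_DIR.search(rec["path"]):
            hit = {"ip": ip, "ts": rec["ts"], "path": rec["path"], "status": rec["status"]}
            findings.append({"rule": "exec_in_upload_dir", **hit})
            prev = last_post.get(ip)
            if prev is not None and rec["ts"] - prev <= window:
                findings.append({"rule": "upload_then_execute", "upload_ts": prev, **hit})
        # Record the POST after checking, so a POST straight to the web shell
        # is not correlated with itself.
        if rec["method"] == "POST":
            last_post[ip] = rec["ts"]
    return findings


# Constructed sample log (not real traffic). "/snews/upload" is a placeholder
# for the upload endpoint, which the advisory does not name.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Apr/2026:10:15:01 +0000] "GET /snews/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Apr/2026:10:15:09 +0000] "POST /snews/upload HTTP/1.1" 302 0',
    '203.0.113.7 - - [04/Apr/2026:10:15:12 +0000] "GET /snews/snews_files/cmd.php?c=id HTTP/1.1" 200 64',
    '198.51.100.4 - - [04/Apr/2026:10:16:00 +0000] "GET /snews/snews_files/report.pdf HTTP/1.1" 200 20480',
    '198.51.100.4 - - [04/Apr/2026:10:16:30 +0000] "GET /snews/snews_files/shell.php HTTP/1.1" 404 210',
    'not a log line',
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['rule']:20} {f['ip']:14} {f['status']} {f['path']}")
```

On the sample, the first client produces both rules (upload followed three seconds later by a 200 on the shell), the second only the probe rule with a 404. The first rule alone is worth running as a one-off sweep over historical logs: any 200 for a .php path under snews_files on an unpatched 1.7 install means the shell was already there.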
The listed advisories document the issue but do not specify a vendor patch or mitigation. Relevant resources include an Exploit-DB entry with a proof-of-concept (https://www.exploit-db.com/exploits/40706) and a VulnCheck advisory (https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files). Security practitioners should check the vendor for updates and, where possible, restrict the upload endpoint to authenticated users and configure the web server so that nothing stored under snews_files is executed as a script.
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
- Affected Products: Snews CMS 1.7
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
The vulnerability is an unrestricted file upload in a public-facing web application (Snews CMS) that gives an unauthenticated remote attacker code execution, which maps directly to Exploit Public-Facing Application (T1190).