[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-20052":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-05T03:10:34.883Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":39,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":42,"related":43,"reserved_at":9,"published_at":44,"modified_at":45,"state":46,"summary":47,"references_raw":54,"kevs":65,"epss":9,"epss_history":66,"metrics":67,"affected":79},"CVE-2016-20052","Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[],[25],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":35,"metasploit":9},"40706","sNews 1.7.1 - Arbitrary File Upload","exploit-database","https://www.exploit-db.com/exploits/40706","poc",0.8,true,[34],"php",{"verified":32,"type":36,"platform":34,"file":37,"codes":38},"webapps","exploits/php/webapps/40706.txt",[],[],[],[],[],[],"2026-04-04T13:50:57.457Z","2026-04-04T19:59:42.908Z","Received",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":49,"severity_score":50,"severity_version":51,"severity_source":52,"severity_vector":53,"severity_status":46},false,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[55,60],{"url":29,"sources":56,"tags":58},[52,57],"nvd",[59],"Exploit",{"url":61,"sources":62,"tags":63},"https://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files",[52,57],[64],"Third Party Advisory",[],[],[68,75],{"source":52,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":69,"cvss_v4_0":72},{"baseScore":50,"baseSeverity":70,"vectorString":53,"impactScore":50,"exploitabilityScore":71},"CRITICAL",10,{"baseScore":73,"baseSeverity":70,"vectorString":74,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":57,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":76,"cvss_v4_0":77},{"baseScore":50,"baseSeverity":70,"vectorString":53,"impactScore":50,"exploitabilityScore":71},{"baseScore":73,"baseSeverity":70,"vectorString":78,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[80],{"ecosystem":9,"name":81,"vendor":82,"product":83,"cpe_part":84,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":85},"Snews CMS upload sheller","snewscms","snews cms upload sheller","a",[86],{"version":87,"is_range":48,"range_type":52,"version_start":87,"version_start_type":88,"version_end":87,"version_end_type":88,"fixed_in":9},"1.7","including"]