216.73.217.86

CVE-2016-20051

· Published 04/04/2026 14:16 · Modified 04/04/2026 14:16

Labels: CVE-2016-20051 2026-04-04CVE-2016-20051CWE-352[email protected]

Essential information

Published
04/04/2026 14:16
Modified
04/04/2026 14:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
snews / snews cms cpe:2.3:a:snews:snews_cms:1.7:*:*:*:*:*:*:*

References