CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-20051

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.4%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.exploit-db.com/exploits/40705
https://www.vulncheck.com/advisories/snews-cms-cross-site-request-forgery-via-changeup

Products affected by CVE-2016-20051

Snewscms » Snews » Version: 1.3

cpe:2.3:a:snewscms:snews:1.3
Snewscms » Snews » Version: 1.4

cpe:2.3:a:snewscms:snews:1.4
Snewscms » Snews » Version: 1.5.31

cpe:2.3:a:snewscms:snews:1.5.31
Snewscms » Snews » Version: 1.6

cpe:2.3:a:snewscms:snews:1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-20051

Products

Pricing

Contact Us