snewscms CVE Vulnerabilities & Metrics

Focus on snewscms vulnerabilities and metrics.

Last updated: 16 Apr 2026, 22:25 UTC

About snewscms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with snewscms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total snewscms CVEs: 3
Earliest CVE date: 09 Oct 2007, 18:17 UTC
Latest CVE date: 04 Apr 2026, 14:16 UTC

Latest CVE reference: CVE-2016-20052

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical snewscms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.15

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS snewscms CVEs

These are the five CVEs with the highest CVSS scores for snewscms, sorted by severity first and recency.

CVE-2011-2706 snewscms Published on 14 Jan 2020, 21:15 UTC (CVSS: 4.3)
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
CVE-2007-5303 snewscms Published on 09 Oct 2007, 18:17 UTC (CVSS: 4.3)
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
CVE-2016-20052 snewscms Published on 04 Apr 2026, 14:16 UTC (CVSS: 0)
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.
CVE-2016-20051 snewscms Published on 04 Apr 2026, 14:16 UTC (CVSS: 0)
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthori...

All CVEs for snewscms

CVE-2016-20052 snewscms vulnerability CVSS: 0 04 Apr 2026, 14:16 UTC

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

CVE-2016-20051 snewscms vulnerability CVSS: 0 04 Apr 2026, 14:16 UTC

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

CVE-2011-2706 snewscms vulnerability CVSS: 4.3 14 Jan 2020, 21:15 UTC

A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.

CVE-2007-5303 snewscms vulnerability CVSS: 4.3 09 Oct 2007, 18:17 UTC

Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.