CVE-2016-20051 MEDIUM

CVE-2016-20051: Snews CMS 1.7 Cross-Site Request Forgery via changeup

Vendor Snewscms
Product Snews CMS Cross Site Request Forgery
Weakness CWE-352 · CSRF
Published April 4, 2026
Last update April 6, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

Key dates

02 Disclosure timeline

April 4, 2026 CVE published
April 6, 2026 Record updated