Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to th…

CVE-2016-20052 is an unrestricted file upload vulnerability in Snews CMS version 1.7 that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can exploit this vulnerability through the multipart form-data upload endpoint to upload malicious PHP files. Once uploaded, attackers can execute these files by accessing the uploaded file path, leading to remote code execution. This vulnerability poses a significant security risk as it requires no authentication and can result in complete system compromise. The vulnerability has been documented with proof-of-concept exploits available on Exploit-DB.