CVE-2016-20052

Snews · Snews CMS

Snews CMS 1.7 contains an unrestricted file upload vulnerability, allowing unauthenticated attackers to upload and execute arbitrary PHP files to achieve remote code execution.

Executive summary

A critical unrestricted file upload vulnerability in Snews CMS 1.7 allows unauthenticated attackers to execute arbitrary code on the web server.

Vulnerability

The application does not validate file extensions during uploads to the snews_files directory. An unauthenticated attacker can therefore upload a malicious PHP script in a multipart form-data request and execute it by requesting it directly from a web browser.

Business impact

The vulnerability has a CVSS score of 9.8 and allows full control of the web server. This can lead to unauthorized access to site databases, defacement, or use of the server as a vector for further attacks against the organization, with severe reputational and data security damage.

Remediation

Immediate Action: Upgrade to the latest version of Snews CMS and remove any suspicious files found within the snews_files directory.

Proactive Monitoring: Regularly audit the web root for unauthorized files and review server access logs for requests to files with suspicious extensions.

Compensating Controls: Configure the web server (e.g., Apache or Nginx) to disable script execution within the upload directory to prevent the activation of uploaded malicious files.
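
The log review described under Proactive Monitoring can be automated. The following is an added example, not part of the advisory or of Snews CMS: it flags access-log requests for script files inside snews_files, including encoded, mixed-case and double-extension names. The combined log format, the extension list and the sample lines are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): "combined" access-log format and this
# extension list; adjust both to the server's actual PHP handler mapping.
UPLOAD_DIR = "/snews_files/"
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_extension(target):
    """Return the script extension requested inside the upload dir, else None."""
    path = unquote(target.split("?", 1)[0])      # drop query string, decode %xx
    path = posixpath.normpath(re.sub(r"/+", "/", path)).lower()
    idx = path.find(UPLOAD_DIR)                  # also matches subdirectory installs
    if idx == -1:
        return None
    # Look at every dot-separated part of every segment, so "a.php.jpg" and
    # PATH_INFO forms such as "a.php/x" are reported as well.
    for segment in path[idx + len(UPLOAD_DIR):].split("/"):
        for part in segment.split(".")[1:]:
            if part in SCRIPT_EXTS:
                return part
    return None

def suspicious_requests(lines):
    """Return one record per log line that requests a script in the upload dir."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        ext = script_extension(m["target"]) if m else None
        if ext:
            status = int(m["status"])
            hits.append({"ip": m["ip"], "time": m["ts"], "target": m["target"],
                         "ext": ext, "served": 200 <= status < 300})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /snews_files/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /snews_files/notes.%70hp?x=1 HTTP/1.1" 200 48 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2024:10:02:30 +0000] "GET /cms//snews_files/img.PHP.jpg HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.9 - - [12/Mar/2024:10:03:00 +0000] "GET /index.php?category=1 HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A record with `served` set to true means the server answered the request with a 2xx status, which warrants checking whether script execution is actually disabled in that directory.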

Exploitation status

Public Exploit Available: true

Analyst recommendation

This vulnerability is critical as it provides an easy path to remote code execution. Security teams must ensure that the CMS is updated and that strict file upload policies are enforced to mitigate the risk of unauthorized server access.