The exploit demonstrates a persistent RCE vulnerability in sNews CMS v1.7.1 via CSRF, allowing arbitrary command execution through crafted article submissions. It also includes CSRF for account hijacking and arbitrary file deletion, along with persistent XSS.
Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: sNews CMS v1.7.1
Auth required
Prerequisites: Authenticated user session · Victim interaction (e.g., visiting a malicious page)