fkie_cve-2024-47946
Vulnerability from fkie_nvd
Published
2024-12-10 08:15
Modified
2024-12-20 21:15
Severity ?
Summary
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data".
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as \"www-data\"."
},
{
"lang": "es",
"value": "Si el atacante tiene acceso a una sesi\u00f3n v\u00e1lida de usuario avanzado, es posible la ejecuci\u00f3n remota de c\u00f3digo porque se pueden cargar archivos PNG v\u00e1lidos especialmente manipulados con contenido PHP inyectado como fondos de escritorio o pantallas de bloqueo. Despu\u00e9s de la carga, el script PHP est\u00e1 disponible en la ra\u00edz web. El c\u00f3digo PHP se ejecuta una vez que se accede al archivo cargado. Esto permite la ejecuci\u00f3n de c\u00f3digo PHP arbitrario y comandos del sistema operativo en el dispositivo como \"www-data\"."
}
],
"id": "CVE-2024-47946",
"lastModified": "2024-12-20T21:15:08.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-10T08:15:19.210",
"references": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"url": "https://r.sec-consult.com/imageaccess"
},
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"url": "https://www.imageaccess.de/?page=SupportPortal\u0026lang=en"
}
],
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…