CVE-2024-47946
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Dec 10, 2024
Updated: Dec 20, 2024
CWE ID 434
Summary
CVE-2024-47946 is a newly discovered vulnerability that enables remote code execution on affected devices when an attacker has access to a valid Poweruser session. The attacker uploads a specially crafted, valid PNG file containing injected PHP content as a desktop background or lock screen. Once uploaded, the PHP script is accessible in the web root, which leads to the execution of arbitrary PHP code and OS commands with the permissions of the "www-data" user.
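Because the uploaded file is a valid PNG, a format check alone does not catch it. The following triage script is an added example, not code from the advisory or the vendor: it walks the PNG chunks of an upload and reports where PHP open tags appear in the raw bytes. The names `scan_png`, `_chunk` and `build_sample` are hypothetical, and the sample image and marker string are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PHP_MARKERS = (b"<?php", b"<?=")  # heuristic: open tags the PHP interpreter acts on

def scan_png(data: bytes) -> list[str]:
    """Return findings for an uploaded PNG; an empty list means nothing flagged."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG: bad signature"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc) < 4:
            return findings + [f"truncated chunk at offset {pos}"]
        name = ctype.decode("latin-1")
        if zlib.crc32(ctype + body) != struct.unpack(">I", crc)[0]:
            findings.append(f"bad CRC in {name} at offset {pos}")
        # PHP parses the raw file bytes, so scan the chunk body as stored.
        if any(m in body.lower() for m in PHP_MARKERS):
            findings.append(f"PHP open tag in {name} at offset {pos}")
        pos += 12 + length
        if ctype == b"IEND":
            break
    else:
        findings.append("no IEND chunk")
    tail = data[pos:]
    if tail:
        findings.append(f"{len(tail)} bytes after last parsed chunk")
        if any(m in tail.lower() for m in PHP_MARKERS):
            findings.append("PHP open tag in trailing data")
    return findings

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample(comment: bytes = b"", trailer: bytes = b"") -> bytes:
    """Constructed 1x1 grayscale PNG, optionally with a tEXt comment or trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte plus one pixel
    text = _chunk(b"tEXt", b"Comment\x00" + comment) if comment else b""
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + text + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b"") + trailer)
```

A marker scan is a detection aid for reviewing existing uploads; the durable mitigation for CWE-434 is to store uploads under server-chosen names in a location the web server never passes to the PHP handler.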