{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T04:53:11.771","vulnerabilities":[{"cve":{"id":"CVE-2024-47946","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2024-12-10T08:15:19.210","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as \"www-data\"."},{"lang":"es","value":"Si el atacante tiene acceso a una sesión válida de usuario avanzado, es posible la ejecución remota de código porque se pueden cargar archivos PNG válidos especialmente manipulados con contenido PHP inyectado como fondos de escritorio o pantallas de bloqueo. Después de la carga, el script PHP está disponible en la raíz web. El código PHP se ejecuta una vez que se accede al archivo cargado. Esto permite la ejecución de código PHP arbitrario y comandos del sistema operativo en el dispositivo como \"www-data\"."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://r.sec-consult.com/imageaccess","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"https://www.imageaccess.de/?page=SupportPortal&lang=en","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}