Arbitrary file upload in Image Access Gmbh Scan2net

CVE-2024-47946

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PH…

Vulnerability class: Unrestricted File Upload

EPSS: 0.011 (61.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-47946?
CVE-2024-47946 is a high-severity vulnerability in Image Access Gmbh Scan2net, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 7.2/10. Published 2024-12-10.
How severe is CVE-2024-47946?
High severity. CVSS v3 base score is 7.2 out of 10.