Arbitrary file upload in Image Access Gmbh Scan2net
CVE-2024-47946
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PH…
Vulnerability class: Unrestricted File Upload
EPSS: 0.011 (61.9th percentile)
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Image Access Gmbh Scan2net — versions 0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2024-47946?
  - CVE-2024-47946 is a high-severity vulnerability in Image Access Gmbh Scan2net, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 7.2/10. Published 2024-12-10.
- How severe is CVE-2024-47946?
  - High severity. CVSS v3 base score is 7.2 out of 10.