CVE-2024-47946

Name of the Vulnerable Software and Affected Versions No specific software name or versions are mentioned in the provided descriptions.

Description The issue allows for remote code execution if an attacker has access to a valid Poweruser session. This is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed, allowing the execution of arbitrary PHP code and OS commands on the device as "www-data".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.