Viaviweb Wallpaper Admin vulnerabilities
3 known vulnerabilities affecting viaviweb/viaviweb_wallpaper_admin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-50893P2CRITICALCVSS 9.8v1.02026-01-13
CVE-2022-50893 [CRITICAL] CWE-434 CVE-2022-50893: VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.
nvd
CVE-2022-50892P3CRITICALCVSS 9.8v1.02026-01-13
CVE-2022-50892 [CRITICAL] CWE-89 CVE-2022-50892: VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
nvd
CVE-2022-50894P3MEDIUMCVSS 6.5v1.02026-01-13
CVE-2022-50894 [MEDIUM] CWE-89 CVE-2022-50894: VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attac
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.
nvd