CVE-2022-50892

HIGH

VIAVIWEB Wallpaper Admin 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50892. PoCs published by Edd13Mora.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Description

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.

Exploits (1)

exploitdb WORKING POC
by Edd13Mora · textwebappsphp
https://www.exploit-db.com/exploits/51033

This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Classification
Working Poc 90%
Attack Type
Rce | Sqli
Complexity
Trivial
Reliability
Reliable
Target: VIAVIWEB Wallpaper Admin 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to send HTTP requests to the vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, VDB Entry exploit
https://www.exploit-db.com/exploits/51033
Product product
https://www.viaviweb.com

Scores

CVSS v3 8.2
EPSS 0.0060
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
VIAVIWEB/VIAVIWEB Wallpaper Admin 1.0
viaviweb/wallpaper_admin 1.0
Published Jan 13, 2026
Tracked Since Feb 18, 2026