CVE-2022-50893

CRITICAL

VIAVIWEB Wallpaper Admin 1.0 - Unauthenticated Remote Code Execution via Image Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50893. PoCs published by Edd13Mora.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Description

VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.

Exploits (1)

exploitdb WORKING POC
by Edd13Mora · textwebappsphp
https://www.exploit-db.com/exploits/51033

This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Classification
Working Poc 90%
Attack Type
Rce | Sqli
Complexity
Trivial
Reliability
Reliable
Target: VIAVIWEB Wallpaper Admin 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to send HTTP requests to the vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51033
Product product
https://www.viaviweb.com

Scores

CVSS v3 9.8
EPSS 0.0083
EPSS Percentile 52.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
VIAVIWEB/VIAVIWEB Wallpaper Admin 1.0
viaviweb/wallpaper_admin 1.0
Published Jan 13, 2026
Tracked Since Feb 18, 2026