CVE-2022-50894

MEDIUM

VIAVIWEB Wallpaper Admin 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50894. PoCs published by Edd13Mora.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Description

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.

Exploits (1)

exploitdb WORKING POC
by Edd13Mora · textwebappsphp
https://www.exploit-db.com/exploits/51033

This exploit demonstrates multiple vulnerabilities in VIAVIWEB Wallpaper Admin 1.0, including SQL injection on the login page and an unauthenticated remote code execution via file upload. The RCE is achieved by uploading a malicious PHP file disguised as an image.

Classification
Working Poc 90%
Attack Type
Rce | Sqli
Complexity
Trivial
Reliability
Reliable
Target: VIAVIWEB Wallpaper Admin 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to send HTTP requests to the vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0042
EPSS Percentile 33.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
VIAVIWEB/VIAVIWEB Wallpaper Admin 1.0
viaviweb/wallpaper_admin 1.0
Published Jan 13, 2026
Tracked Since Feb 18, 2026