[Edd13Mora]

**Name of the Vulnerable Software and Affected Versions** VIAVIWEB Wallpaper Admin version 1.0 **Description** The software contains a SQL injection issue that allows attackers to bypass authentication. Attackers can manipulate login credentials, specifically by injecting a payload such as 'admin' or 1=1-- - into the login page to gain unauthorized access to the administrative interface. The vulnerable login page is susceptible to SQL injection attacks through manipulation of login credentials. The `login` page is the entry point for this issue. The vulnerable parameters include the `username` and `password` fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VIAVIWEB Wallpaper Admin version 1.0 **Description** The software contains an unauthenticated remote code execution issue in the image upload functionality. An attacker can upload a malicious PHP file through the ''add gallery image.php'' endpoint, allowing for arbitrary code execution on the server. The vulnerable parameter is the uploaded file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VIAVIWEB Wallpaper Admin version 1.0 **Description** The software contains an SQL injection issue that allows authenticated attackers to manipulate database queries. Attackers can inject SQL code through the `img id` parameter. Specifically, sending crafted GET requests to the ''edit gallery image.php'' endpoint with malicious `img id` values allows attackers to extract database information. **Recommendations** Apply a fix to sanitize the `img id` parameter in the ''edit gallery image.php'' endpoint to prevent SQL injection.