PT-2026-2370 · Unknown · Viaviweb Wallpaper
[Edd13Mora]
·
Publicado
2026-01-13
·
Atualizado
2026-01-14
·
CVE-2022-50894
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
VIAVIWEB Wallpaper Admin version 1.0
Description
The software contains an SQL injection issue that allows authenticated attackers to manipulate database queries. Attackers can inject SQL code through the
img id parameter. Specifically, sending crafted GET requests to the ''edit gallery image.php'' endpoint with malicious img id values allows attackers to extract database information.Recommendations
Apply a fix to sanitize the
img id parameter in the ''edit gallery image.php'' endpoint to prevent SQL injection.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Viaviweb Wallpaper