CVE-2022-50894

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions VIAVIWEB Wallpaper Admin version 1.0

Description The software contains an SQL injection issue that allows authenticated attackers to manipulate database queries. Attackers can inject SQL code through the img id parameter. Specifically, sending crafted GET requests to the ''edit gallery image.php'' endpoint with malicious img id values allows attackers to extract database information.

Recommendations Apply a fix to sanitize the img id parameter in the ''edit gallery image.php'' endpoint to prevent SQL injection.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-50894

Affected Products

Viaviweb Wallpaper

CVE-2022-50894

Weakness Enumeration

Related Identifiers

Affected Products

References · 6