CVE-2022-50892
Unknown Unknown - Not Provided
SQL Injection in VIAVIWEB Wallpaper Admin Enables Authentication Bypass

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50892
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
viaviweb wallpaper_admin 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50892 is a SQL injection vulnerability in VIAVIWEB Wallpaper Admin 1.0, specifically on the login page. Attackers can inject malicious SQL payloads such as 'admin' or '1=1-- -' into the login credentials, which allows them to bypass authentication and gain unauthorized administrative access to the system. [2, 3]

Impact Analysis

This vulnerability can allow attackers to bypass authentication and gain unauthorized access to the administrative interface of VIAVIWEB Wallpaper Admin 1.0. This unauthorized access could lead to manipulation of the system, potential data breaches, and further exploitation such as remote code execution, compromising the confidentiality and integrity of the system. [2, 3]

Detection Guidance

This vulnerability can be detected by testing the login page for SQL injection by injecting payloads such as 'admin' or 1=1-- - into the login credentials and observing if authentication is bypassed. A proof of concept involves disabling JavaScript, submitting the payload, then re-enabling JavaScript and resubmitting to exploit the vulnerability. Specific commands are not provided, but manual testing of the login form with these payloads or using SQL injection testing tools against the login page can help detect the issue. [3]

Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the vulnerable login page, applying input validation and parameterized queries to prevent SQL injection, and ensuring proper file upload restrictions to prevent remote code execution. Since the vulnerability allows authentication bypass via SQL injection, patching the application to fix the SQL injection flaw is critical. Additionally, monitoring and blocking suspicious login attempts with SQL injection payloads can help reduce risk until a patch is applied. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart