CVE-2022-50892
SQL Injection in VIAVIWEB Wallpaper Admin Enables Authentication Bypass
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| viaviweb | wallpaper_admin | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50892 is a SQL injection vulnerability in VIAVIWEB Wallpaper Admin 1.0, specifically on the login page. Attackers can inject malicious SQL payloads such as 'admin' or '1=1-- -' into the login credentials, which allows them to bypass authentication and gain unauthorized administrative access to the system. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow attackers to bypass authentication and gain unauthorized access to the administrative interface of VIAVIWEB Wallpaper Admin 1.0. This unauthorized access could lead to manipulation of the system, potential data breaches, and further exploitation such as remote code execution, compromising the confidentiality and integrity of the system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the login page for SQL injection by injecting payloads such as 'admin' or 1=1-- - into the login credentials and observing if authentication is bypassed. A proof of concept involves disabling JavaScript, submitting the payload, then re-enabling JavaScript and resubmitting to exploit the vulnerability. Specific commands are not provided, but manual testing of the login form with these payloads or using SQL injection testing tools against the login page can help detect the issue. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the vulnerable login page, applying input validation and parameterized queries to prevent SQL injection, and ensuring proper file upload restrictions to prevent remote code execution. Since the vulnerability allows authentication bypass via SQL injection, patching the application to fix the SQL injection flaw is critical. Additionally, monitoring and blocking suspicious login attempts with SQL injection payloads can help reduce risk until a patch is applied. [3]