CVE-2022-50893
CRITICAL WAF: Medium
CVSS 9.8
Published: 2026-01-13
CWE-434
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| viaviweb | wallpaper_admin | 1.0 |
References
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.viaviweb.com (Product)
- www.vulncheck.com (Third Party Advisory)