Wallpaper Admin
Monthly
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. [CVSS 6.5 MEDIUM]
VIAVIWEB Wallpaper Admin 1.0 allows unauthenticated PHP file upload through the add_gallery_image.php endpoint. PoC available.
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. [CVSS 6.5 MEDIUM]
VIAVIWEB Wallpaper Admin 1.0 allows unauthenticated PHP file upload through the add_gallery_image.php endpoint. PoC available.
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]