Cyber Posture

CVE-2022-50892

HighPublic PoC

Published: 13 January 2026

Published
13 January 2026
Modified
22 January 2026
KEV Added
Patch
CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0022 44.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50892 is a high-severity SQL Injection (CWE-89) vulnerability in Viaviweb Wallpaper Admin. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

SI-10 requires information input validation at entry points such as the login form, directly preventing SQL injection payloads from bypassing authentication.

SI-2 Flaw Remediation good match
prevent

SI-2 mandates timely identification, reporting, and remediation of flaws like the SQL injection vulnerability in the login page.

RA-5 Vulnerability Monitoring and Scanning good match
detect

RA-5 requires vulnerability scanning that would identify the SQL injection vulnerability in the authentication mechanism prior to exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SQL injection in public-facing web app login page enables remote authentication bypass and unauthorized admin access, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.

Deeper analysisAI

CVE-2022-50892 is a SQL injection vulnerability (CWE-89) in VIAVIWEB Wallpaper Admin 1.0. The flaw resides in the login page, where attackers can bypass authentication by manipulating login credentials with payloads such as 'admin' or 1=1-- -. This grants unauthorized access to the administrative interface. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low complexity and no prerequisites.

Remote attackers with network access to the login page can exploit this vulnerability without prior authentication or user interaction. By injecting the malicious payloads into the login form, they bypass authentication controls and gain entry to the admin interface, enabling potential unauthorized data access or limited administrative functions.

Advisories and a proof-of-concept exploit detail the issue, available at Exploit-DB (https://www.exploit-db.com/exploits/51033), the vendor site (https://www.viaviweb.com), and VulnCheck (https://www.vulncheck.com/advisories/viaviweb-wallpaper-admin-sql-injection-via-login-page).

Details

CWE(s)
CWE-89

Affected Products

viaviweb
wallpaper admin
1.0

CVEs Like This One

CVE-2022-50893Same product: Viaviweb Wallpaper Admin
CVE-2025-69213Shared CWE-89
CVE-2025-52577Shared CWE-89
CVE-2026-41490Shared CWE-89
CVE-2026-35168Shared CWE-89
CVE-2025-22350Shared CWE-89
CVE-2025-68865Shared CWE-89
CVE-2025-57792Shared CWE-89
CVE-2020-36999Shared CWE-89
CVE-2025-22716Shared CWE-89

References