Primary

Context

VIAVIWEB Wallpaper Admin Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in VIAVIWEB Wallpaper Admin version 1.0. The issue arises from the image upload feature, which allows unauthenticated attackers to upload malicious PHP files through the add_gallery_image.php endpoint. Once uploaded, these files can execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the server.

Reproduction

To reproduce this vulnerability, upload a malicious PHP file disguised as an image through the add_gallery_image.php endpoint. The uploaded file will be executed on the server.

Added: Jan 13, 2026, 11:24 PM

Updated: Jan 13, 2026, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.7

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.7

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VIAVIWEB Wallpaper Admin Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating