CVE-2019-15123

Name of the Vulnerable Software and Affected Versions Viki Vera version 4.9.1.26180

Description The Branding Module in Viki Vera allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site.

Recommendations For version 4.9.1.26180, consider disabling the logo upload feature in the Branding Module until a patch is available to prevent potential Remote Code Execution attacks. Restrict access to the Branding Module to minimize the risk of exploitation. Avoid using the module for uploading files until the issue is resolved.