CVE-2019-15123

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated users in Viki Vera 4.9.1.26180 to upload malicious .aspx files through the branding module's logo change functionality, leading to remote code execution. Attackers with valid credentials can execute arbitrary code on the web server. Organizations using the affected Viki Vera version are at risk.

💻 Affected Systems

Products:
  • Viki Vera
Versions: 4.9.1.26180
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the branding module. The vulnerability exists in the specific version mentioned; other versions may also be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the web server, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠 Likely Case

Authenticated attackers upload web shells to maintain persistent access, steal sensitive data, or use the server for further attacks.

🟢 If Mitigated

With proper file upload restrictions and authentication controls, impact is limited to unauthorized logo changes only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials. The vulnerability is well-documented with technical details available in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check vendor for updates

Vendor Advisory: http://www.vikisolutions.com/products/Vera.html

Restart Required: Yes

Instructions:

1. Contact Viki Solutions for patch information.
2. Apply the latest security update.
3. Restart the Vera application services.
4. Verify the fix by testing logo upload functionality.

🔧 Temporary Workarounds

Restrict file upload extensions (Platform: Windows)

Configure web server or application to block .aspx file uploads through the branding module

Implement file upload validation (Platform: All)

Add server-side validation to check file types and content before allowing uploads
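As an added illustration of the server-side validation workaround (example code written for this page, not Vera's own logo-upload handler; the extension allowlist, size limit and function name are assumptions), the check below accepts only single-extension image files whose content matches the declared format and rejects .aspx or double-extension names:

```python
# Added example, not Viki Vera's code: hardened validation for a branding-logo upload.
# Allowed types, size limit and function name are assumptions for this illustration.
import os

ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}
# Magic-byte prefixes for each allowed image format.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_LOGO_BYTES = 2 * 1024 * 1024  # assumed size limit for a logo


def validate_logo_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Only a plain image with a single image extension passes."""
    # Drop any client-supplied directory part before inspecting the name.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        return False, "empty or hidden filename"
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    # Exactly one extension: rejects logo.png.aspx, logo.aspx;.png and NUL tricks.
    if "." in root or ";" in base or "\x00" in base:
        return False, "multiple extensions or separator characters in filename"
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} is not an allowed image type"
    if len(content) == 0 or len(content) > MAX_LOGO_BYTES:
        return False, "content empty or exceeds size limit"
    # The bytes must actually be the format the extension claims.
    if not content.startswith(IMAGE_SIGNATURES[ext]):
        return False, "content does not match the declared image format"
    # Conservative extra check: server-side script markers never belong in a logo.
    # A rare false positive on compressed image data is an acceptable trade for this use.
    if b"<%" in content or b"<script" in content.lower():
        return False, "script markers found in content"
    return True, "ok"
```

Deploy the check in the upload handler itself, not only in the web server or WAF, so it holds regardless of how the request reaches the branding module.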

🧯 If You Can't Patch

  • Restrict access to branding module to administrators only
  • Implement web application firewall rules to block .aspx file uploads

🔍 How to Verify

Check if Vulnerable:

Check Vera version in application interface or configuration files. If version is 4.9.1.26180, system is vulnerable.

Check Version:

Check application settings or consult Vera documentation for version command

Verify Fix Applied:

Attempt to upload a test .aspx file through the branding module logo upload feature. If the upload is rejected, the fix is in place.

📡 Detection & Monitoring

Log Indicators:

  • Unusual .aspx file uploads via branding module
  • Multiple failed upload attempts
  • Successful .aspx uploads from non-admin users

Network Indicators:

  • HTTP POST requests to branding upload endpoints with .aspx files
  • Unusual outbound connections from web server

SIEM Query:

source="vera_logs" AND (url_path="*branding*" AND file_extension=".aspx")
