The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site.
View Full Alert
Related Posts
CVE-2019-13285CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. View Full Alert
CVE-2019-17230includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. View Full Alert
CVE-2019-17231includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. View Full Alert
