CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-15044

PENDING
N/A
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile28.39th
Published2025年7月23日
Last Modified2026年4月15日

Vulnerability Description

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/kaltura_unserialize_rce.rb
🔗 https://www.exploit-db.com/exploits/39563
🔗 https://www.exploit-db.com/exploits/40404
🔗 https://www.vulncheck.com/advisories/kaltura-php-object-injection-rce
🔗 https://www.exploit-db.com/exploits/39563

相关漏洞威胁

CVE-2016-193110.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial...

CVE-2016-103810.0

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader...

CVE-2016-198510.0

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java ...

CVE-2016-104110.0

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader...