CVE-2016-15044 in Video Platformالمعلومات

الملخص

بحسب MITRE • 24/07/2025

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

22/07/2025

إفشاء

24/07/2025

الاعتدال

تمت الموافقة

إدخال

VDB-317481

CPE

جاهز

CWE

CWE-502 (مؤكد)

استغلال

تحميل

CVSS

7.3 (VulDB)

EPSS

0.75971

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-15044
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-15044
CVE Details	https://www.cvedetails.com/cve/CVE-2016-15044/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!