CVE-2016-15044

CRITICAL

Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2016-15044. PoCs were published by Mehmet Ince and Security-Assessment.com, including the Metasploit module exploits/linux/http/kaltura_unserialize_rce.

AI-analyzed exploit summary: This Metasploit module exploits a PHP object injection vulnerability in Kaltura's keditorservices module, allowing unauthenticated remote code execution via a crafted serialized payload. The exploit leverages a Zend Framework POP chain to trigger arbitrary command execution.

Description

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.

Exploits (3)

exploitdb · WORKING POC
by Mehmet Ince · ruby · remote · php
https://www.exploit-db.com/exploits/40404

This Metasploit module exploits a PHP object injection vulnerability in Kaltura's keditorservices module, allowing unauthenticated remote code execution via a crafted serialized payload. The exploit leverages a Zend Framework POP chain to trigger arbitrary command execution.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Kaltura < 11.1.0-2
No auth needed
Prerequisites: Network access to the target · Kaltura installation with vulnerable keditorservices module
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC
by Security-Assessment.com · text · webapps · php
https://www.exploit-db.com/exploits/39563

This exploit demonstrates multiple vulnerabilities in Kaltura Community Edition, including unauthenticated remote code execution via PHP deserialization, arbitrary file upload leading to RCE, and SSRF/file read vulnerabilities. The PoC includes detailed steps and code snippets for exploitation.

Classification
Working PoC 100%
Attack Type
RCE | SSRF | Info Leak | Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Kaltura Community Edition <= 11.1.0-2
No auth needed
Prerequisites: Network access to the target · PHP environment for generating the payload
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Security-Assessment.com, Mehmet Ince · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kaltura_unserialize_rce.rb

This Metasploit module exploits a PHP object injection vulnerability in Kaltura's keditorservices module, allowing unauthenticated RCE via a crafted serialized payload. It leverages a Zend Framework POP chain to execute arbitrary PHP code during object deserialization.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Kaltura < 11.1.0-2
No auth needed
Prerequisites: Exposed Kaltura instance with vulnerable keditorservices endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Scores

CVSS v4 9.3
EPSS 0.0135
EPSS Percentile 67.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-502 CWE-94
Status published
Products (1)
Kaltura/Video Platform < 11.1.0-2
Published Jul 23, 2025
Tracked Since Feb 18, 2026