CVE-2016-15044

CRITICAL

Kaltura <11.1.0-2 - Code Injection

Title source: llm

Description

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.

Exploits (3)

exploitdb WORKING POC

by Mehmet Ince · rubyremotephp

https://www.exploit-db.com/exploits/40404

View Code ZIP pw:eip

exploitdb WORKING POC

by Security-Assessment.com · textwebappsphp

https://www.exploit-db.com/exploits/39563

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Security-Assessment.com, Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kaltura_unserialize_rce.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/kaltura_unserialize_rce.rb

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39563

[Third Party Advisory] https://www.vulncheck.com/advisories/kaltura-php-object-injection-rce

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40404

Scores

CVSS v4 9.3

EPSS 0.6742

EPSS Percentile 98.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-502 CWE-94

Status published

Products (1)

Kaltura/Video Platform < 11.1.0-2

Published Jul 23, 2025

Tracked Since Feb 18, 2026