CVE-2017-14143

CRITICAL

Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-14143. PoCs published by Metasploit, Robin Verton, Robin Verton <[email protected]>, Mehmet Ince <[email protected]>, including Metasploit module exploits/linux/http/kaltura_unserialize_cookie_rce.

AI-analyzed exploit summary This Metasploit module exploits a PHP object injection vulnerability in Kaltura via a hardcoded cookie secret, allowing unauthenticated RCE through a crafted serialized payload. It leverages a Zend Framework POP chain to execute arbitrary PHP code.

Description

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/43876

This Metasploit module exploits a PHP object injection vulnerability in Kaltura via a hardcoded cookie secret, allowing unauthenticated RCE through a crafted serialized payload. It leverages a Zend Framework POP chain to execute arbitrary PHP code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kaltura < 13.1.0
No auth needed
Prerequisites: Valid entry_id from a media resource on the target Kaltura installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Robin Verton · pythonwebappsphp
https://www.exploit-db.com/exploits/43028

This exploit leverages a PHP object injection vulnerability in Kaltura <= 13.1.0 via deserialization of a malicious payload in the 'userzone' cookie. It achieves remote code execution by abusing the Zend_Log and Zend_Mail classes to execute arbitrary PHP code.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kaltura <= 13.1.0
No auth needed
Prerequisites: Valid entry_id parameter · Access to the target's /index.php/keditorservices/getAllEntries endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Robin Verton <[email protected]>, Mehmet Ince <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kaltura_unserialize_cookie_rce.rb

This Metasploit module exploits a PHP object injection vulnerability in Kaltura via a crafted serialized cookie. It leverages a hardcoded cookie secret to bypass signature checks and achieve remote code execution through a Zend Framework deserialization gadget chain.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kaltura versions prior to 13.1.0
No auth needed
Prerequisites: Valid entry_id from a media resource on the target Kaltura installation
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100976
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43028/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43876/

Scores

CVSS v3 9.8
EPSS 0.7550
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
kaltura/kaltura_server < mercury-13.1.0
Published Sep 19, 2017
Tracked Since Feb 18, 2026