Vulnerabilities > CVE-2017-14141 - Deserialization of Untrusted Data vulnerability in Kaltura Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/144304/kaltura-xssexec.txt |
id | PACKETSTORM:144304 |
last seen | 2017-09-26 |
published | 2017-09-23 |
reporter | Robin Verton |
source | https://packetstormsecurity.com/files/144304/Kaltura-13.1.0-Code-Execution-Cross-Site-Scripting.html |
title | Kaltura 13.1.0 Code Execution / Cross Site Scripting |