Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)

Kaltura 11.1.0-2 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injectio...

Kaltura Remote PHP Code Execution

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized...