CVE-2017-14141

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

Ссылки

http://www.securityfocus.com/bid/100976
Third Party Advisory
VDB Entry
https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682
Third Party Advisory
https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/100976
Third Party Advisory
VDB Entry
https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682
Third Party Advisory
https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*

Версия до 13.2.0 (исключая)

EPSS

Процентиль: 84%

0.02194

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-6xrx-j6mc-jmfc