CVE advisoryCRITICAL
CVE-2016-15044
Kaltura Keditorservices Unsafe Deserialization Remote Code Execution.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A remote code execution vulnerability exists in Kaltura due to unsafe deserialization of user-controlled data. An unauthenticated remote attacker can exploit this by sending a specially crafted serialized PHP object, potentially leading to the execution of arbitrary PHP code on the web server. This issue is relevant be