File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed
modules/exploits/linux/http Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -12,18 +12,19 @@ def initialize(info={})
1212 super ( update_info ( info ,
1313 'Name' => 'Kaltura Remote PHP Code Execution' ,
1414 'Description' => %q{
15- This module exploits a Object Injection vulnerability in Kaltura.
15+ This module exploits an Object Injection vulnerability in Kaltura.
1616 By exploiting this vulnerability, unauthenticated users can execute
1717 arbitrary code under the context of the web server user.
1818
1919 Kaltura has a module named keditorservices that takes user input
20- and then use it as an unserialize function parameter. The object
20+ and then use it as an unserialized function parameter. The object
2121 constructed is based on the SektionEins Zend code execution POP chain PoC,
2222 with a minor modification to ensure Kaltura processes it and the
2323 Zend_Log function's __destruct() method is called. Kaltura prior to
2424 11.1.0-2 versions are affected by issue.
2525
26- This module was tested against Kaltura 11.1.0 installation on Ubuntu server.
26+ This module was tested against Kaltura 11.1.0 installation on
27+ Ubuntu server and CentOS 6.8.
2728 } ,
2829 'License' => MSF_LICENSE ,
2930 'Author' =>
You can’t perform that action at this time.
0 commit comments