The getUserzoneCookie function in Kaltura prior to 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote malicious users to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Vulnerable Product |
---|
kaltura kaltura server |
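
The description above combines two weaknesses: a signing secret that is identical on every installation, and PHP deserialization of cookie data once the signature passes. The following sketch is an added example, not Kaltura's code or its actual fix; it shows a cookie check that avoids both. The function names `loadCookieKey`, `signCookie`, `readCookie` and the environment variable `COOKIE_HMAC_KEY` are hypothetical.

```php
<?php
declare(strict_types=1);

// Anti-pattern described above: a secret constant shipped in the source tree,
// and unserialize() applied to cookie data once the signature "checks out".

/** Per-installation key (assumed env var name); fail closed if absent or short. */
function loadCookieKey(): string
{
    $key = getenv('COOKIE_HMAC_KEY');
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('cookie signing key missing or too short');
    }
    return $key;
}

/** Cookie value: base64(JSON) . '.' . hex(HMAC-SHA256 over the base64 text). */
function signCookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

/** Returns the decoded array, or null on any signature or format failure. */
function readCookie(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; the MAC is checked before any decoding.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    // JSON yields only arrays and scalars, so no object is ever instantiated.
    $data = $json === false ? null : json_decode($json, true, 8);
    return is_array($data) ? $data : null;
}

// Constructed demo: random keys stand in for loadCookieKey() in production.
$key    = bin2hex(random_bytes(32));
$cookie = signCookie(['uid' => 42, 'role' => 'viewer'], $key);
var_dump(readCookie($cookie, $key));                       // same key
var_dump(readCookie($cookie, bin2hex(random_bytes(32))));  // different installation's key
var_dump(readCookie('x' . $cookie, $key));                 // modified payload
```

Because the key is generated per installation and never committed to the code base, knowing the source no longer lets anyone produce a valid signature, and a cookie that does verify is still parsed only as plain data.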