Critical severity9.8NVD Advisory· Published Sep 19, 2017· Updated May 13, 2026

CVE-2017-14143

Description

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txtnvdExploitThird Party Advisory
www.securityfocus.com/bid/100976nvdThird Party AdvisoryVDB Entry
github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9nvdThird Party Advisory
www.exploit-db.com/exploits/43028/nvd
www.exploit-db.com/exploits/43876/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.062
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000