Creacast

creacast

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Creabox Manager

creabox_manager

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-57439 1Creacast 1Creabox Manager Jun 17, 2026 Sep 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then e...Show more Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.Show less
CVE-2025-57434 1Creacast 1Creabox Manager Jun 17, 2026 Sep 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast,...Show more Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.Show less
CVE-2025-57430 1Creacast 1Creabox Manager Jun 17, 2026 Sep 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains pl...Show more Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.Show less