Creacast: >> Creabox Manager >> 4.4.4 Security Vulnerabilities
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-22
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-22