59 matches found
Crafty Controller path traversal vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation flaw in the File Operations API Endpoint component. This vulnerability could allow authenticated remote attackers to manipulate...
PT-2026-5381
Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...
Crafty Controller path traversal vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation issue in the Backup Configuration component. This vulnerability could allow authenticated remote attackers to manipulate files and...
PT-2026-5380
Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization weakness exists in the Backup Configuration component of Crafty Controller. A remote, authenticated attacker can exploit this to tamper with files and execut...
📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection
Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...
CVE-2025-14700
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14701
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
Exploit for CVE-2025-14700
CVE-2025-14700 POC Automatic exploit for Authentic...
CVE-2025-14701
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
CVE-2025-14700
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14700
CVE-2025-14700 affects Crafty Controller 4.6.1 in the Webhook Template component. The supplied documents describe an input neutralization vulnerability that enables authenticated attackers to achieve remote code execution via Server-Side Template Injection (SSTI). Multiple sources (NVD/Red Hat/CV...
EUVD-2025-203859
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14701
CVE-2025-14701 affects Crafty Controller’s Server MOTD component. The issue is improper input neutralization that enables a remote, unauthenticated attacker to perform stored XSS by modifying the server MOTD. CVSS v3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user...
CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
EUVD-2025-203860
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...