Craftycontrol: >> Crafty Controller >> 4.7.0 Security Vulnerabilities
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.
CVSS Score
9.0
EPSS Score
0.002
Published
2026-04-21
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVSS Score
9.9
EPSS Score
0.002
Published
2026-01-30
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVSS Score
8.2
EPSS Score
0.001
Published
2026-01-30