Vulnerabilities > Rangerstudio > Directus 7 API > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-13984 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
Directus 7 API before 2.3.0 does not validate uploaded files.
network
low complexity
rangerstudio CWE-434
8.8
8.8
2019-07-19 CVE-2019-13980 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
network
low complexity
rangerstudio CWE-434
8.8
8.8
2019-07-19 CVE-2019-13979 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
network
low complexity
rangerstudio CWE-434
8.8
8.8