Vulnerabilities > Rangerstudio > Directus > High

DATE | CVE | VULNERABILITY TITLE | RISK

2021-04-07 | CVE-2021-29641 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus | 8.8
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory.
network, low complexity, rangerstudio, CWE-434

2021-02-23 | CVE-2021-26594 | Improper Privilege Management vulnerability in Rangerstudio Directus | 8.8
In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end.
network, low complexity, rangerstudio, CWE-269

2021-02-23 | CVE-2021-26593 | Information Exposure vulnerability in Rangerstudio Directus | 7.5
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}.
network, low complexity, rangerstudio, CWE-200