Vulnerabilities > Rangerstudio > Directus > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2023-27474 Cross-site Scripting vulnerability in Rangerstudio Directus
Directus is a real-time API and App dashboard for managing SQL database content.
network
low complexity
rangerstudio CWE-79
5.4
2022-06-22 CVE-2022-23080 Server-Side Request Forgery (SSRF) vulnerability in Rangerstudio Directus
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
network
low complexity
rangerstudio CWE-918
5.0
2022-04-04 CVE-2022-24814 Cross-site Scripting vulnerability in Rangerstudio Directus
Directus is a real-time API and App dashboard for managing SQL database content.
4.3
2021-04-07 CVE-2021-29641 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory.
network
low complexity
rangerstudio CWE-434
6.5
2021-02-23 CVE-2021-27583 Information Exposure Through Discrepancy vulnerability in Rangerstudio Directus
In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature.
network
low complexity
rangerstudio CWE-203
5.3
2021-02-23 CVE-2021-26595 Cleartext Storage of Sensitive Information vulnerability in Rangerstudio Directus
In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection.
network
low complexity
rangerstudio CWE-312
5.3