Vulnerabilities > Rangerstudio

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-13982 Unspecified vulnerability in Rangerstudio Directus 7
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.
network
low complexity
rangerstudio
5.3
2019-07-19 CVE-2019-13981 Forced Browsing vulnerability in Rangerstudio Directus 7 API
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory.
network
low complexity
rangerstudio CWE-425
5.3
2019-07-19 CVE-2019-13980 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
network
low complexity
rangerstudio CWE-434
8.8
2019-07-19 CVE-2019-13979 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
network
low complexity
rangerstudio CWE-434
8.8
2018-05-05 CVE-2018-10723 Use of Hard-coded Credentials vulnerability in Rangerstudio Directus 6.4.9
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
network
low complexity
rangerstudio CWE-798
critical
9.8