Vulnerabilities > Rangerstudio

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-13984 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
Directus 7 API before 2.3.0 does not validate uploaded files.
6.8
2019-07-19 CVE-2019-13983 Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
network
low complexity
rangerstudio CWE-306
5.0
2019-07-19 CVE-2019-13982 Information Exposure vulnerability in Rangerstudio Directus 7
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.
network
low complexity
rangerstudio CWE-200
5.0
2019-07-19 CVE-2019-13981 Forced Browsing vulnerability in Rangerstudio Directus 7 API
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory.
network
low complexity
rangerstudio CWE-425
5.0
2019-07-19 CVE-2019-13980 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
6.8
2019-07-19 CVE-2019-13979 Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
6.8
2018-05-05 CVE-2018-10723 Use of Hard-coded Credentials vulnerability in Rangerstudio Directus 6.4.9
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
network
low complexity
rangerstudio CWE-798
7.5