Vulnerabilities > Rangerstudio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-19 | CVE-2019-13984 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.3.0 does not validate uploaded files. | 6.8 |
| 2019-07-19 | CVE-2019-13983 | Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. | 5.0 |
| 2019-07-19 | CVE-2019-13982 | Information Exposure vulnerability in Rangerstudio Directus 7 interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. | 5.0 |
| 2019-07-19 | CVE-2019-13981 | Forced Browsing vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.0 |
| 2019-07-19 | CVE-2019-13980 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | 6.8 |
| 2019-07-19 | CVE-2019-13979 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | 6.8 |
| 2018-05-05 | CVE-2018-10723 | Use of Hard-coded Credentials vulnerability in Rangerstudio Directus 6.4.9 Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | 7.5 |