Vulnerabilities > Rangerstudio > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-27474 | Unspecified vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.4 |
| 2022-06-22 | CVE-2022-23080 | Unspecified vulnerability in Rangerstudio Directus In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans. | 5.0 |
| 2022-04-04 | CVE-2022-24814 | Unspecified vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 6.1 |
| 2021-02-23 | CVE-2021-27583 | Information Exposure Through Discrepancy vulnerability in Rangerstudio Directus In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. | 5.3 |
| 2021-02-23 | CVE-2021-26595 | Cleartext Storage of Sensitive Information vulnerability in Rangerstudio Directus In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. | 5.3 |
| 2019-07-19 | CVE-2019-13982 | Unspecified vulnerability in Rangerstudio Directus 7 interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. | 5.3 |
| 2019-07-19 | CVE-2019-13981 | Forced Browsing vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.3 |