Vulnerabilities > Rangerstudio > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-27474 | Cross-site Scripting vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.4 |
| 2022-06-22 | CVE-2022-23080 | Server-Side Request Forgery (SSRF) vulnerability in Rangerstudio Directus In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans. | 5.0 |
| 2022-04-04 | CVE-2022-24814 | Cross-site Scripting vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 4.3 |
| 2021-04-07 | CVE-2021-29641 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. | 6.5 |
| 2021-02-23 | CVE-2021-27583 | Information Exposure Through Discrepancy vulnerability in Rangerstudio Directus In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. | 5.3 |
| 2021-02-23 | CVE-2021-26595 | Cleartext Storage of Sensitive Information vulnerability in Rangerstudio Directus In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. | 5.3 |
| 2019-07-19 | CVE-2019-13984 | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.3.0 does not validate uploaded files. | 6.8 |
| 2019-07-19 | CVE-2019-13983 | Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. | 5.0 |
| 2019-07-19 | CVE-2019-13982 | Information Exposure vulnerability in Rangerstudio Directus 7 interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. | 5.0 |
| 2019-07-19 | CVE-2019-13981 | Forced Browsing vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.0 |