rangerstudio

Top products

The 15 most recently published vulnerabilities affecting rangerstudio.

• CVE-2023-27474HTML Injection in Password Reset email to custom Reset URL in directus8.0Mar 6, 2023
• CVE-2022-23080directus - SSRF which leads to internal port scan5.0Jun 22, 2022
• CVE-2022-24814Cross-site Scripting in Directus8.8Apr 4, 2022
• CVE-2022-22117Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image5.4Jan 10, 2022
• CVE-2022-22116Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload5.4Jan 10, 2022
• CVE-2021-29641Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upl...8.8Apr 7, 2021
• CVE-2021-26595In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of t...5.3Feb 23, 2021
• CVE-2021-26594In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are n...8.8Feb 23, 2021
• CVE-2021-26593In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, fi...7.5Feb 23, 2021
• CVE-2021-27583In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no long...5.3Feb 23, 2021
• CVE-2019-13979In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.8.8Jul 19, 2019
• CVE-2019-13980In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.8.8Jul 19, 2019
• CVE-2019-13981In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in whi...5.3Jul 19, 2019
• CVE-2019-13982interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.5.3Jul 19, 2019
• CVE-2019-13983Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.9.8Jul 19, 2019