rangerstudio directus vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-10723
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
Rangerstudio Directus 6.4.9
8.8
CVSSv3
CVE-2019-13979
In Directus 7 API prior to 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
Rangerstudio Directus 7 Api
8.8
CVSSv3
CVE-2019-13980
In Directus 7 API up to and including 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
Rangerstudio Directus 7 Api
8.8
CVSSv3
CVE-2019-13984
Directus 7 API prior to 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.
Rangerstudio Directus 7 Api
5.3
CVSSv3
CVE-2019-13981
In Directus 7 API up to and including 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not appl...
Rangerstudio Directus 7 Api
9.8
CVSSv3
CVE-2019-13983
Directus 7 API prior to 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
Rangerstudio Directus 7 Api