Vulmon
rangerstudio directus vulnerabilities and exploits
VMScore: 445
CVE-2019-13982
interfaces/markdown/input.vue in Directus 7 Application prior to 7.7.0 does not sanitize Markdown text before rendering a preview.
Rangerstudio Directus 7
VMScore: 445
CVE-2019-13981
In Directus 7 API up to and including 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not appl...
Rangerstudio Directus 7 Api
VMScore: 605
CVE-2019-13979
In Directus 7 API prior to 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
Rangerstudio Directus 7 Api
VMScore: 605
CVE-2019-13980
In Directus 7 API up to and including 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
Rangerstudio Directus 7 Api
VMScore: 445
CVE-2019-13983
Directus 7 API prior to 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
Rangerstudio Directus 7 Api
VMScore: 605
CVE-2019-13984
Directus 7 API prior to 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.
Rangerstudio Directus 7 Api