Latest Rangerstudio Directus Vulnerabilities

Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query para...
Rangerstudio Directus < 9.23.0
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network p...
Rangerstudio Directus >= 9.0.1, <= 9.6.0
Rangerstudio Directus = 9.0.0-beta10
Rangerstudio Directus = 9.0.0-beta11
Rangerstudio Directus = 9.0.0-beta12
Rangerstudio Directus = 9.0.0-beta13
Rangerstudio Directus = 9.0.0-beta14
and 108 more
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html int...
Rangerstudio Directus < 9.7.0
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload...
Rangerstudio Directus >= 8.0.0, < 8.8.2
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affe...
Rangerstudio Directus >= 8.0.0, <= 8.8.1
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability onl...
Rangerstudio Directus >= 8.0.0, <= 8.8.1
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the us...
Rangerstudio Directus >= 8.0.0, <= 8.8.1
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, s...
Rangerstudio Directus >= 8.0.0, <= 8.8.1

© 2024 SecAlerts Pty Ltd.