Rangerstudio Directus 7 Api — known CVE vulnerabilities
Every CVE whose affected-product data names Rangerstudio Directus 7 Api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-13983 — CVSS 9.8 (critical): Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php…
CVE-2019-13979 — CVSS 8.8 (high): In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
CVE-2019-13980 — CVSS 8.8 (high): In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals…
CVE-2019-13984 — CVSS 8.8 (high): Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each…
CVE-2019-13981 — CVSS 5.3 (medium): In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/…