EUVD-2021-16117

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Directus 8 prior to 8.8.2 allows remote users to execute arbitrary code via inappropriate file uploads.

Reporter	Title	Published	Views	Family All 10
0day.today	Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities	7 Apr 202100:00	–	zdt
CNNVD	Directusv8 代码问题漏洞	7 Apr 202100:00	–	cnnvd
CNVD	Directusv8 Code Issues Vulnerabilities	9 Apr 202100:00	–	cnvd
CVE	CVE-2021-29641	7 Apr 202121:31	–	cve
Cvelist	CVE-2021-29641	7 Apr 202121:31	–	cvelist
NVD	CVE-2021-29641	7 Apr 202122:15	–	nvd
OSV	CVE-2021-29641	7 Apr 202122:15	–	osv
Packet Storm	Monospace Directus Headless CMS File Upload / Rule Bypass	7 Apr 202100:00	–	packetstorm
Prion	Design/Logic Flaw	7 Apr 202122:15	–	prion
RedhatCVE	CVE-2021-29641	22 May 202519:36	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "7c03c1a2-222d-3633-a71e-5471d0195138",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0bf9a7b2-becc-3e87-866b-4e918bc4e6b6",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2021-29641
hub	www.hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6
seclists	www.seclists.org/fulldisclosure/2021/Apr/14
sec-consult	www.sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/
sec-consult	www.sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/
packetstormsecurity	www.packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.8

CVSS 26.5

EPSS0.06595