7 matches found
EUVD-2019-5246
Malware in sbrugna...
EUVD-2019-5243
Malware in sbrugna...
EUVD-2019-5245
Malware in sbrugna...
CVE-2019-13980
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx...
CVE-2019-13984
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...
Design/Logic Flaw
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...
CVE-2019-13981
The CVE affects Directus 7 API up to version 2.3.0. An information disclosure exists where remote attackers can read image files by directly requesting a filename under uploads/_/originals/. The vulnerability stems from a configuration option that can make the file collection non-public, but this...