2 matches found
CVE-2019-13979
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads//originals remote code execution...
CVE-2019-13979
Affected software: Directus 7 API (Directus 7) before version 2.2.1. Vulnerability details: The uploader does not block PHP file uploads, which can be stored under uploads/_/originals and lead to remote code execution. Root cause (as stated): failure to block PHP uploads. Impact: remote code exec...