5 matches found
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-29641
CVE-2021-29641 affects Directus 8 up to 8.8.2. The vulnerability arises from file-upload permissions that allow uploading a PHP file to the main upload directory and, in a subdirectory, a PHP file plus an .htaccess, enabling remote authenticated code execution. Exploitation is limited to specific...
Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities
======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because of different architecture CVE number:...
Monospace Directus Headless CMS File Upload / Rule Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because ...