Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.9 views

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

8.8CVSS7.6AI score0.04867EPSS
Exploits3References1
NVD
NVD
added 2021/04/07 10:15 p.m.28 views

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

8.8CVSS0.04867EPSS
Exploits3References5
CVE
CVE
added 2021/04/07 9:31 p.m.74 views

CVE-2021-29641

CVE-2021-29641 affects Directus 8 up to 8.8.2. The vulnerability arises from file-upload permissions that allow uploading a PHP file to the main upload directory and, in a subdirectory, a PHP file plus an .htaccess, enabling remote authenticated code execution. Exploitation is limited to specific...

8.8CVSS8.8AI score0.04867EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2021/04/07 12:0 a.m.281 views

Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities

======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because of different architecture CVE number:...

8.8CVSS0.2AI score0.04867EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/04/07 12:0 a.m.823 views

Monospace Directus Headless CMS File Upload / Rule Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because ...

0.3AI score0.04867EPSS
Exploits3
Rows per page
Query Builder