2 matches found
CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
Directus 信息泄露漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 9.0.0-alpha.4 through 11.5.0, which stems from the search parameter that can lead to unauthorized...