Directus 7 Api@* Security Vulnerabilities and Issues — Directus 7 Api@* CVE List

Lucene search

RangerstudioDirectus 7 Api*

3 matches found

CVE•added 2019/07/19 3:15 p.m.•90 views

CVE-2019-13983

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.

9.8CVSS9.4AI score0.00256EPSS

Web

CVE•added 2019/07/19 3:15 p.m.•77 views

CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.

8.8CVSS9.1AI score0.01077EPSS

CVE•added 2019/07/19 3:15 p.m.•45 views

CVE-2019-13984

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.

8.8CVSS8.7AI score0.0255EPSS