Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RangerstudioDirectus 7 Api

3 matches found

CVE
CVEadded 2019/07/19 3:15 p.m.82 views

CVE-2019-13980

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.

8.8CVSS9AI score0.01049EPSS
CVE
CVEadded 2019/07/19 3:15 p.m.76 views

CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.

8.8CVSS9.1AI score0.01077EPSS
CVE
CVEadded 2019/07/19 3:15 p.m.44 views

CVE-2019-13984

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.

8.8CVSS8.7AI score0.0255EPSS