In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-19T14:18:16

Updated: 2024-08-05T00:05:44.139Z

Reserved: 2019-07-19T00:00:00

Link: CVE-2019-13979

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-19T15:15:12.157

Modified: 2024-11-21T04:25:49.350

Link: CVE-2019-13979

cve-icon Redhat

No data.