RSS   Podatności dla 'Directus 7 api'   RSS

2019-07-19
 
CVE-2019-13981

CWE-20
 

 
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.

 
 
CVE-2019-13980

CWE-434
 

 
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.

 

 >>> Vendor: Rangerstudio 3 Produkty
Directus
Directus 7 api
Directus 7


Copyright 2024, cxsecurity.com

 

Back to Top