Skip to main content

Directus 7 Api

5 CVEs product

Monthly

CVE-2019-13984 HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-13983 CRITICAL PATCH Act Now

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass PHP Directus 7 Api
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-13981 MEDIUM POC This Month

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus 7 Api
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-13980 HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx Apache RCE +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-13979 HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
EPSS 2% CVSS 8.8
HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass PHP Directus 7 Api
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus 7 Api
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx +3
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy