Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-29641
HistoryApr 07, 2021 - 9:31 p.m.

CVE-2021-29641

2021-04-0721:31:45
mitre
www.cve.org
3
directus 8
arbitrary code execution
file upload permissions
apache http server
local storage driver
exploitation
remote authenticated users

AI Score

9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).

Related

nvd 1
cve 1
prion 1
zdt 1
packetstorm 1
nvd
nvd
CVE-2021-29641
2021-04-07 22:15:14
cve
cve
CVE-2021-29641
2021-04-07 22:15:14
prion
prion
Design/Logic Flaw
2021-04-07 22:15:00
zdt
zdt
Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities
2021-04-07 00:00:00
packetstorm
packetstorm
Monospace Directus Headless CMS File Upload / Rule Bypass
2021-04-07 00:00:00

AI Score

9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON
Related for CVELIST:CVE-2021-29641
nvd1cve1prion1zdt1packetstorm1