PT-2019-13508 · Directus · Directus

Ybelenko

Publicado

2019-07-19

Atualizado

2019-07-22

CVE-2019-13979

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Directus versions prior to 2.2.1

Description The issue allows for remote code execution due to the uploading of PHP files not being blocked. This can lead to uploads/ /originals remote code execution.

Recommendations For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploads/ /originals directory to minimize the risk of exploitation.

Exploit

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2019-13979

Produtos afetados

Directus

PT-2019-13508 · Directus · Directus

CVE-2019-13979

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4