2019-07-19 14:18:16
mitre
PUBLISHED
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.