CVE-2021-26595

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Link Resource
https://github.com/sgranel/directusv8 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*

Information

Published : 2021-02-23 11:15

Updated : 2021-03-01 12:51


NVD link : CVE-2021-26595

Mitre link : CVE-2021-26595


JSON object : View

CWE
CWE-312

Cleartext Storage of Sensitive Information

Advertisement

dedicated server usa

Products Affected

rangerstudio

  • directus