CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
Source: NIST
CVE-2019-13979