9 matches found
EUVD-2025-204960
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-13700
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-13700
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-13700
DreamFactory CVE-2025-13700 describes a Command Injection / Remote Code Execution in the saveZipFile method. The flaw arises from insufficient validation of a user-supplied string used in a system call, allowing an attacker to execute arbitrary code with the service account context. Affected prod...
CVE-2025-13700 DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-13700 DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
DreamFactory Core 操作系统命令注入漏洞
DreamFactory Core is an open source DreamFactory core service from DreamFactory Software. DreamFactory Core suffers from an operating system command injection vulnerability that stems from a lack of validation of user-supplied strings in the implementation of the saveZipFile method, which could...
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the saveZipFile method. The issue results from the lack of proper...
PT-2025-48209
Name of the Vulnerable Software and Affected Versions DreamFactory affected versions not specified Description A flaw exists in the implementation of the saveZipFile method that could allow remote attackers to execute arbitrary code on affected DreamFactory installations. Authentication is requir...