CVE 8.6 HIGH

Interinfo｜DreamMaker – Arbitrary File Upload_CVE-2026-10072

May 29, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2026-10072

Source twcert

Published May 29, 2026 at 12:36

Affected Product

Vendor Interinfo

Product DreamMaker

Affected Versions Interinfo DreamMaker 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Interinfo

Product DreamMaker

References

{
    "lastseen": "",
    "description": "DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-05-29T12:36:09.713Z",
    "modified": "2026-05-29T12:36:09.713Z",
    "type": "cve",
    "title": "Interinfo\uff5cDreamMaker - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html\nhttps://www.twcert.org.tw/en/cp-139-10946-1127f-2.html",
    "id": "CVE-2026-10072",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Interinfo DreamMaker 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DreamMaker",
    "version": "0",
    "vendor": "Interinfo",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors",
    "ai_severity": "High",
    "ai_vendor": "Interinfo",
    "ai_product": "DreamMaker",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply