CVE 9.3 CRITICAL

Interinfo｜DreamMaker – Arbitrary File Upload_CVE-2026-10071

May 29, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2026-10071

Source twcert

Published May 29, 2026 at 12:32

Modified May 29, 2026 at 13:28

Affected Product

Vendor Interinfo

Product DreamMaker

Affected Versions Interinfo DreamMaker 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Interinfo

Product DreamMaker

References

{
    "lastseen": "",
    "description": "DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-05-29T12:32:43.004Z",
    "modified": "2026-05-29T13:28:37.835Z",
    "type": "cve",
    "title": "Interinfo\uff5cDreamMaker - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html\nhttps://www.twcert.org.tw/en/cp-139-10946-1127f-2.html",
    "id": "CVE-2026-10071",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Interinfo DreamMaker 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DreamMaker",
    "version": "0",
    "vendor": "Interinfo",
    "ai_description": "Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors",
    "ai_severity": "Critical",
    "ai_vendor": "Interinfo",
    "ai_product": "DreamMaker",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply