Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10072 | 1 Interinfo | 1 Dreammaker | 2026-05-29 | 7.2 High |
| DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-10073 | 1 Interinfo | 1 Dreammaker | 2026-05-29 | 7.5 High |
| DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files. | ||||
| CVE-2026-10074 | 1 Interinfo | 1 Dreammaker | 2026-05-29 | 4.9 Medium |
| DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. | ||||
| CVE-2026-10075 | 1 Interinfo | 1 Dreammaker | 2026-05-29 | 5.3 Medium |
| DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability. | ||||
| CVE-2026-10071 | 1 Interinfo | 1 Dreammaker | 2026-05-29 | 9.8 Critical |
| DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-24728 | 1 Interinfo | 1 Dreammaker | 2026-04-18 | N/A |
| A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication. | ||||
| CVE-2026-24729 | 1 Interinfo | 1 Dreammaker | 2026-04-18 | N/A |
| An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file. | ||||
| CVE-2024-11978 | 1 Interinfo | 1 Dreammaker | 2026-04-15 | 7.5 High |
| DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||||
| CVE-2024-11979 | 1 Interinfo | 1 Dreammaker | 2026-04-15 | 9.8 Critical |
| DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | ||||
Page 1 of 1.