CVE-2026-10072
7.2 HIGHDreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute ...
Published: 2026-05-29 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 7.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-434
Description
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40772 — Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
- CVE-2026-39591 — Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)
- CVE-2026-39527 — Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)
- CVE-2018-25436 — WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated ... (9.8 CRITICAL)
- CVE-2026-5482 — Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.ph...