Kuang Ming Chang

**Name of the Vulnerable Software and Affected Versions** Interinfo DreamMaker versions prior to 2025/10/22 **Description** A lack of authentication for a critical function exists in the `/servlet/baServer3` endpoint of Interinfo DreamMaker. This allows remote attackers to access exposed administrative functionality without needing to authenticate. **Recommendations** Update Interinfo DreamMaker to version 2025/10/22 or later.

**Name of the Vulnerable Software and Affected Versions** Interinfo DreamMaker versions prior to 2025/10/22 **Description** A flaw exists in the file upload functionality of Interinfo DreamMaker that permits unrestricted file uploads of dangerous file types. This can allow remote attackers to execute arbitrary system commands by uploading a malicious class file. **Recommendations** Update Interinfo DreamMaker to version 2025/10/22 or later.

**Name of the Vulnerable Software and Affected Versions** Wisdom Master Pro versions 5.0 through 5.2 **Description** A missing authorization issue in the retrieve teacher Information function allows remote attackers to obtain partial user data by accessing the API functionality. **Recommendations** For Wisdom Master Pro versions 5.0 through 5.2, consider restricting access to the retrieve teacher Information function until a patch is available. As a temporary workaround, avoid using the retrieve teacher Information function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wisdom Master Pro versions 5.0 through 5.2 **Description** An unrestricted upload of file with dangerous type vulnerability in the course management function allows remote authenticated users to craft a malicious file. **Recommendations** For Wisdom Master Pro versions 5.0 through 5.2, consider disabling the file upload feature in the course management function until a patch is available. Restrict access to the course management function to minimize the risk of exploitation. Avoid using the file upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wisdom Master Pro versions 5.0 through 5.2 **Description** A vulnerability in the retrieve course Information function of Wisdom Master Pro allows remote attackers to perform arbitrary system commands by running a malicious file due to improper control of filename for include/require statement in PHP program. This issue enables remote code execution with no authentication. **Recommendations** For Wisdom Master Pro versions 5.0 through 5.2, consider disabling the `retrieve course Information` function until a patch is available to prevent exploitation. Restrict access to the vulnerable PHP program to minimize the risk of arbitrary system command execution. Avoid using the vulnerable include/require statement in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.