PT-2026-44836 · Interinfo · Dreammaker

Kun Xian Lin

Published

2026-05-29

Updated

2026-05-29

CVE-2026-10072

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2026-10072

Affected Products

Dreammaker

PT-2026-44836 · Interinfo · Dreammaker

CVE-2026-10072

Weakness Enumeration

Related Identifiers

Affected Products

References · 3