cbcvebase.

Interinfo Dreammaker vulnerabilities

7 known vulnerabilities affecting interinfo/dreammaker.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-10071P2CRITICALCVSS 9.8≤ Java Composer 2.22026-05-29
CVE-2026-10071 [CRITICAL] CWE-434 CVE-2026-10071: DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticat DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd
CVE-2024-11979P2CRITICALCVSS 9.8fixed in 2024/09/262024-11-29
CVE-2024-11979 [CRITICAL] CWE-434 CVE-2024-11979: DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uplo DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
nvd
CVE-2026-10072P3HIGHCVSS 7.2≤ Java Composer 2.22026-05-29
CVE-2026-10072 [HIGH] CWE-434 CVE-2026-10072: DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged re DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd
CVE-2024-11978P3HIGHCVSS 7.5fixed in 2024/09/262024-11-29
CVE-2024-11978 [HIGH] CWE-36 CVE-2024-11978: DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attack DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
nvd
CVE-2026-10073P3HIGHCVSS 7.5≤ DreamMaker Java Composer 2.22026-05-29
CVE-2026-10073 [HIGH] CWE-23 CVE-2026-10073: DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
nvd
CVE-2026-10075P3MEDIUMCVSS 5.3≤ Java Composer 2.22026-05-29
CVE-2026-10075 [MEDIUM] CWE-36 CVE-2026-10075: DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remot DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.
nvd
CVE-2026-10074P4MEDIUMCVSS 4.9≤ Java Composer 2.22026-05-29
CVE-2026-10074 [MEDIUM] CWE-23 CVE-2026-10074: DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged loca DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
nvd
Interinfo Dreammaker vulnerabilities | cvebase