Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
AnalysisAI
Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell backdoors and achieve arbitrary code execution on the underlying server. The flaw carries a CVSS 4.0 score of 8.6 and was reported via TWCERT, with no public exploit identified at time of analysis. Despite the high privilege requirement, the network-reachable vector and full CIA impact on the host make this a meaningful post-authentication compromise primitive.
Technical ContextAI
DreamMaker is a web-based application from Taiwanese vendor Interinfo (CPE: cpe:2.3:a:interinfo:dreammaker), commonly deployed in regional enterprise environments. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the upload handler fails to validate file extension, MIME type, or content before writing attacker-controlled files into a web-accessible directory. Once a server-side script (e.g., .jsp, .aspx, .php) lands inside the web root, the application server will execute it on subsequent HTTP requests, giving the attacker an interactive web shell that runs under the privileges of the web service account.
RemediationAI
Patch available per vendor advisory - consult the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html and https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html and contact Interinfo for the fixed DreamMaker build, as no exact fix version is enumerated in the provided data. Until the patch is applied, restrict access to administrative and upload endpoints to trusted management networks via firewall or reverse-proxy ACLs (side effect: legitimate remote admins must use VPN), enforce strong unique credentials and MFA for all high-privilege DreamMaker accounts to raise the bar against the PR:H prerequisite, and configure the web server to disallow script execution within any user-writable upload directory - for IIS/Tomcat/Apache this means stripping handler mappings for .jsp/.aspx/.php/.asp under the upload path (side effect: any legitimate server-side rendering from that directory will break). Monitor web server logs and file-system audit trails for newly written executable file extensions in upload directories as a detection compensating control.
More in Dreammaker
View allUnauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and
Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files b
Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file
Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundari
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33291
GHSA-vqqm-f2cp-rfxx