CVE-2026-24729
Lifecycle Timeline
2DescriptionCVE.org
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.
AnalysisAI
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions up to 2025 is affected by unrestricted upload of file with dangerous type.
Technical ContextAI
This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) exists in the file upload component. An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.
Affected ProductsAI
Product: An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker. Versions: up to 2025. Component: file upload.
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today