{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/interinfo/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-10073"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DreamMaker"],"_cs_severities":["high"],"_cs_tags":["cve","arbitrary file read","path traversal"],"_cs_type":"advisory","_cs_vendors":["Interinfo"],"content_html":"\u003cp\u003eDreamMaker, developed by Interinfo, is affected by an arbitrary file read vulnerability (CVE-2026-10073). This vulnerability allows unauthenticated, local attackers to exploit relative path traversal to download arbitrary system files. The vulnerability arises from insufficient input validation when handling file paths, enabling attackers to access sensitive files outside the intended directory. Exploitation requires a local attacker due to the relative path traversal nature of the vulnerability. 
Successful exploitation allows the attacker to read potentially sensitive information from the affected system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable DreamMaker installation.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request containing a relative path traversal sequence (e.g., \u003ccode\u003e../../../../etc/passwd\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eDreamMaker processes the request without proper validation of the file path.\u003c/li\u003e\n\u003cli\u003eThe application attempts to read the file specified by the manipulated path.\u003c/li\u003e\n\u003cli\u003eThe operating system accesses the file due to insufficient sanitization.\u003c/li\u003e\n\u003cli\u003eThe contents of the file are returned to the attacker.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10073 allows an unauthenticated attacker to read arbitrary files from the system. This could lead to the exposure of sensitive configuration files, credentials, or other confidential data. 
The impact is high due to the potential for complete system compromise if critical files are accessed.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates provided by Interinfo for DreamMaker to remediate CVE-2026-10073.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within DreamMaker to prevent relative path traversal attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing relative path traversal sequences, as detected by the Sigma rule \u0026ldquo;Detect CVE-2026-10073 Attempted Exploitation via Path Traversal\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T14:18:55Z","date_published":"2026-05-29T14:18:55Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dreammaker-file-read/","summary":"DreamMaker by Interinfo is vulnerable to arbitrary file read via relative path traversal, allowing unauthenticated attackers to download arbitrary system files.","title":"DreamMaker Arbitrary File Read Vulnerability (CVE-2026-10073)","url":"https://feed.craftedsignal.io/briefs/2026-05-dreammaker-file-read/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-10072"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DreamMaker"],"_cs_severities":["high"],"_cs_tags":["arbitrary-file-upload","web-shell","code-execution"],"_cs_type":"advisory","_cs_vendors":["Interinfo"],"content_html":"\u003cp\u003eInterinfo\u0026rsquo;s DreamMaker is susceptible to an arbitrary file upload vulnerability (CVE-2026-10072). This flaw enables attackers with privileged access to upload malicious web shell backdoors onto the server and execute them. 
Successful exploitation of this vulnerability can lead to arbitrary code execution on the affected server, potentially compromising the entire system and any data stored on it. Defenders need to ensure that DreamMaker installations are properly secured to prevent unauthorized file uploads.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the DreamMaker application with privileged credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the file upload functionality within the DreamMaker application.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious web shell (e.g., a PHP script) designed for remote code execution.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the arbitrary file upload vulnerability to upload the malicious web shell to a publicly accessible directory on the server.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly validate or sanitize the uploaded file, allowing it to be stored with a predictable name and location.\u003c/li\u003e\n\u003cli\u003eAttacker sends an HTTP request to the uploaded web shell (e.g., \u003ccode\u003ehttp://example.com/uploads/shell.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe web server executes the web shell, granting the attacker remote code execution capabilities.\u003c/li\u003e\n\u003cli\u003eAttacker uses the executed code to perform malicious actions, such as accessing sensitive data, installing malware, or pivoting to other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10072 can lead to complete compromise of the DreamMaker server. An attacker with code execution capabilities can gain access to sensitive data, modify system files, install persistent backdoors, or use the compromised server as a launching point for further attacks against the internal network. 
The arbitrary code execution can lead to significant data breaches and service disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates from Interinfo for DreamMaker to address CVE-2026-10072.\u003c/li\u003e\n\u003cli\u003eImplement strict file upload validation and sanitization measures to prevent the upload of malicious files.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to uploaded files, as covered by the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eRestrict access to file upload functionality to only authorized users with a legitimate need for it.\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) with rules to detect and block malicious file upload attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T14:18:42Z","date_published":"2026-05-29T14:18:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dreammaker-file-upload/","summary":"DreamMaker by Interinfo is vulnerable to arbitrary file upload, allowing privileged remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server.","title":"DreamMaker Arbitrary File Upload Vulnerability (CVE-2026-10072)","url":"https://feed.craftedsignal.io/briefs/2026-05-dreammaker-file-upload/"}],"language":"en","title":"CraftedSignal Threat Feed — Interinfo","version":"https://jsonfeed.org/version/1.1"}