CVE Catalog

CVE-2018-25372

High
Published: Translated: NVD NIST

Summary

MedDream PACS Server Premium version 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

Risk Assessment

This vulnerability poses a serious risk to data security, allowing attackers to access sensitive information in the database. It may lead to loss of data confidentiality and violations of data protection regulations.

Recommendation

It is recommended to update the MedDream PACS server to the latest version that addresses this vulnerability. Additionally, implementing security measures such as input validation and restricting access to critical endpoints is advisable.

Original NVD description (English source)

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS