CVE Catalog

CVE-2018-25374

High
Published: Translated: NVD NIST

Summary

Softneta MedDream PACS Server Premium version 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

Risk Assessment

This vulnerability poses a serious risk to the organization's security, allowing attackers to access confidential information, which may lead to further attacks or data breaches.

Recommendation

It is recommended to update the server to the latest version that addresses this vulnerability and to implement appropriate security measures to restrict access to critical system files.

Original NVD description (English source)

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS