CVE-2018-25374
HighSummary
Softneta MedDream PACS Server Premium version 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
Risk Assessment
This vulnerability poses a serious risk to the organization's security, allowing attackers to access confidential information, which may lead to further attacks or data breaches.
Recommendation
It is recommended to update the server to the latest version that addresses this vulnerability and to implement appropriate security measures to restrict access to critical system files.
Original NVD description (English source)
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

