PT-2025-30584 · Unknown · Dicoogle Pacs Web Server
Published: 2025-07-23 · Updated: 2025-07-23 · CVE-2018-25113
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Dicoogle PACS Web Server versions 2.5.0 and earlier
Description
An unauthenticated path traversal vulnerability exists that allows remote attackers to read arbitrary files on the underlying system. Exploitation occurs by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
Recommendations
Versions prior to 2.5.0 should be updated.
Restrict access to the /exportFile endpoint.
Sanitize or validate the UID parameter to prevent path traversal.
Fix
Path traversal
Affected Products
Dicoogle Pacs Web Server
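
One way to implement the UID validation recommended above, as an added example and not code from Dicoogle or from this advisory. The allowed UID character set, the flat export directory, and the names `resolve_export_path`, `InvalidUid` and `self_check` are assumptions made for illustration; the sample inputs are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: UIDs are short tokens of letters, digits, '.', '-' and '_'.
UID_PATTERN = re.compile(r"[A-Za-z0-9._-]{1,128}")


class InvalidUid(ValueError):
    """The UID cannot be mapped to a file inside the export directory."""


def resolve_export_path(export_dir, uid):
    """Return the file for `uid`, guaranteed to sit directly in export_dir."""
    # Step 1: allow-list the syntax (rejects separators, NUL, '%', empty input).
    if not isinstance(uid, str) or not UID_PATTERN.fullmatch(uid):
        raise InvalidUid("UID has unexpected characters or length")
    # Step 2: canonicalise both paths, following symlinks, then check
    # containment. This also rejects "." and "..", which pass step 1.
    base = Path(export_dir).resolve(strict=True)
    candidate = (base / uid).resolve()
    if candidate.parent != base:
        raise InvalidUid("UID resolves outside the export directory")
    if not candidate.is_file():
        raise InvalidUid("no export file for this UID")
    return candidate


def self_check():
    """Run the check against constructed inputs in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        export_dir = Path(root) / "exports"
        export_dir.mkdir()
        (export_dir / "1.2.840.10008.1").write_text("constructed export")
        (Path(root) / "outside.txt").write_text("not exportable")
        # A link inside the export directory that points outside it.
        (export_dir / "link").symlink_to(Path(root) / "outside.txt")
        for uid in ["1.2.840.10008.1", "../outside.txt", "..", "link", "", "a/b"]:
            try:
                resolve_export_path(export_dir, uid)
                results[uid] = "served"
            except InvalidUid as exc:
                results[uid] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for uid, outcome in self_check().items():
        print(repr(uid), "->", outcome)
```

The containment check runs on the canonical path, so it holds even if the character allow-list is later widened.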