CVE-2020-37009

Name of the Vulnerable Software and Affected Versions MedDream PACS Server version 6.8.3.751

Description The software contains an authenticated remote code execution issue allowing authorized users to upload malicious PHP files. An attacker can exploit the /uploadImage.php API endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

Recommendations Update to a newer version that contains a fix for this vulnerability.