CVE-2018-25374 PUBLISHED

Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Assigner: VulnCheck
Reserved: 25.05.2026 Published: 25.05.2026 Updated: 25.05.2026

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
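A detection sketch for the request pattern described above, added here as an example and not taken from the CVE record or from Softneta. It flags access-log entries whose `path` parameter to nocache.php resolves to a `..` segment after repeated percent-decoding and backslash normalisation. The log format, the URL prefix and the file names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (not captured traffic); file names are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /nocache.php?path=temp%5Cthumb_001.jpg HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /nocache.php?path=%5C..%5C..%5CPLACEHOLDER.ini HTTP/1.1" 200 312',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /nocache.php?path=..%255c..%255cPLACEHOLDER.txt HTTP/1.1" 200 88',
    '198.51.100.3 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%255c) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path_value):
    """True if any path segment is '..' once backslashes are treated as separators."""
    normalised = fully_decode(path_value).replace("\\", "/")
    return ".." in normalised.split("/")

def suspicious_requests(lines):
    """Return log lines that request nocache.php with a traversing 'path' parameter."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/nocache.php"):
            continue
        # parse_qsl decodes one layer; is_traversal strips any remaining layers.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "path" and is_traversal(value):
                hits.append(line)
                break
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("ALERT:", hit)
```

Because the issue is reachable without authentication, hits from any source address are relevant, and a 200 response with a small body is worth correlating with the requested name.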

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor: Softneta
Product: MedDream PACS Server Premium
Versions
  • Version 6.7.1.1 is affected

Credits

  • Carlos Avila (finder)

Problem Types

  • CWE: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')