Detections
Analytics

CVE-2018-25374

high

Description

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

References

https://www.vulncheck.com/advisories/softneta-meddream-pacs-server-premium-directory-traversal

https://www.softneta.com/products/meddream-pacs-server/downloads.html

https://www.exploit-db.com/exploits/45347

Details

Source: Mitre, NVD

Published: 2026-05-25

Updated: 2026-05-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.0052