CVE-2018-25113

Sažetak

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/dicoogle_traversal.rb
https://www.exploit-db.com/exploits/45007
https://www.fortiguard.com/encyclopedia/ips/46527/dicoogle-pacs-web-server-directory-traversal
https://www.vulncheck.com/advisories/dicoogle-pacs-web-server-path-traversal

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

25-07-2025 - 15:29

Objavljeno

23-07-2025 - 14:15