CVE-2018-25142

Sažetak

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.

Reference

https://www.exploit-db.com/exploits/45337
https://www.novarad.net
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5488.php
https://www.exploit-db.com/exploits/45337
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5488.php

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-12-2025 - 21:15

Objavljeno

24-12-2025 - 20:15