CVE-2020-37009

Sažetak

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

Reference

https://meddream.com/products/meddream-pacs-server/
https://www.exploit-db.com/exploits/48853
https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-execution
https://www.exploit-db.com/exploits/48853

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

29-01-2026 - 17:16

Objavljeno

29-01-2026 - 15:16