An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Jul 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Jul 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user. | |
Title | Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal | |
Weaknesses | CWE-22 | |
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-07-23T13:50:31.369Z
Updated: 2025-07-23T14:47:46.824Z
Reserved: 2025-07-22T19:54:55.579Z
Link: CVE-2018-25113

Updated: 2025-07-23T14:47:35.267Z

Status : Awaiting Analysis
Published: 2025-07-23T14:15:32.300
Modified: 2025-07-25T15:29:44.523
Link: CVE-2018-25113

No data.