← voltar
CVE-2020-37009

MedDream PACS Server 6.8.3.751 - Remote Code Execution

CVSS 8.7 HIGHEPSS 0.5%CWE-434
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
MedDream · MedDream PACS Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://meddream.com/products/meddream-pacs-server/https://www.exploit-db.com/exploits/48853https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-execution