Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2018-21600 | An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user. |
Wed, 23 Jul 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 23 Jul 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user. | |
| Title | Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal | |
| Weaknesses | CWE-22 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-04-07T14:03:43.500Z
Reserved: 2025-07-22T19:54:55.579Z
Link: CVE-2018-25113
Updated: 2025-07-23T14:47:35.267Z
Status : Deferred
Published: 2025-07-23T14:15:32.300
Modified: 2026-06-17T01:54:44.840
Link: CVE-2018-25113
No data.
OpenCVE Enrichment
No data.
EUVD