CVE-2018-25113

N/A Unknown
Published: July 23, 2025 Modified: April 15, 2026
View on NVD

Description

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/dicoogle_traversal.rb
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/45007
Source: disclosure@vulncheck.com
https://www.fortiguard.com/encyclopedia/ips/46527/dicoogle-pacs-web-server-directory-traversal
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/dicoogle-pacs-web-server-path-traversal
Source: disclosure@vulncheck.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
42.8%
97th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-7581 4.3
CVE-2026-7580 5.3
CVE-2026-7579 7.3
CVE-2026-3772 8.8
CVE-2026-3140 4.3