CVE-2018-25113
Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
| CWE | CWE-22 |
| Vendor | dicoogle project |
| Product | pacs web server |
| Published | Jul 23, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Dicoogle Project / PACS Web Server
2.5.0
References
exploit-db.com: https://www.exploit-db.com/exploits/45007
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/dicoogle_traversal.rb
fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/46527/dicoogle-pacs-web-server-directory-traversal
vulncheck.com: https://www.vulncheck.com/advisories/dicoogle-pacs-web-server-path-traversal
Credits
Carlos Avila