CVE-2018-25124

UNKNOWN 0.0

PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

CWE	CWE-22
Vendor	rainbowfish software
Product	pacsone server
Published	Nov 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for rainbowfish software pacsone server

Be the first to know when new unknown vulnerabilities affecting rainbowfish software pacsone server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

RainbowFish Software / PacsOne Server

6.6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/43907 pacsone.net: https://pacsone.net/download.htm vulncheck.com: https://www.vulncheck.com/advisories/pacsone-server-dicom-web-viewer-directory-traversal-lfi

Credits

Carlos Avila