CVE-2018-25374

HIGH 7.5

Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

CVSS Score

7.5

EPSS Score

0.5%

EPSS Percentile

67th

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

CWE	CWE-22
Vendor	softneta
Product	meddream pacs server premium
Published	May 25, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for softneta meddream pacs server premium

Be the first to know when new high vulnerabilities affecting softneta meddream pacs server premium are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Softneta / MedDream PACS Server Premium

6.7.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45347 softneta.com: https://www.softneta.com/products/meddream-pacs-server/downloads.html vulncheck.com: https://www.vulncheck.com/advisories/softneta-meddream-pacs-server-premium-directory-traversal

Credits

Carlos Avila