high advisory

CVE-2018-25372 - MedDream PACS Server Premium Unauthenticated SQL Injection

MedDream PACS Server Premium 6.7.1.1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the email parameter via a crafted POST request to the userSignup.php endpoint.

MedDream PACS Server Premium version 6.7.1.1 is susceptible to an SQL injection vulnerability (CVE-2018-25372). This flaw enables unauthenticated attackers to inject malicious SQL code into the email parameter of the userSignup.php endpoint. By sending specially crafted POST requests, attackers can bypass authentication and execute arbitrary SQL queries against the backend MySQL database. This can lead to the extraction of sensitive information, potentially compromising patient data and system integrity. The vulnerability was reported on May 25, 2026.

Attack Chain

  1. The attacker identifies the userSignup.php endpoint as a potential target for SQL injection.
  2. The attacker crafts a malicious POST request containing SQL injection payloads within the email parameter.
  3. The attacker sends the crafted POST request to the userSignup.php endpoint.
  4. The MedDream PACS Server processes the request without proper sanitization of the email parameter.
  5. The injected SQL code is executed against the backend MySQL database.
  6. The attacker retrieves sensitive data from the database, such as usernames, passwords, patient records, or other confidential information.

Impact

Successful exploitation of this vulnerability can result in the unauthorized disclosure of sensitive patient data, potentially leading to violations of privacy regulations and reputational damage. Attackers may also be able to modify or delete data, disrupt system operations, or gain further access to the server. The number of affected installations is unknown.

Recommendation

  • Apply the latest patches or upgrades provided by MedDream to address CVE-2018-25372.
  • Implement input validation and sanitization measures to prevent SQL injection attacks.
  • Deploy the Sigma rule to detect exploitation attempts targeting the userSignup.php endpoint.
  • Monitor web server logs for suspicious POST requests to userSignup.php containing SQL syntax in the email parameter.
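The log-monitoring recommendation above can be prototyped as below. This is an added example, not the platform's Sigma rule or vendor code. It assumes a proxy or WAF that writes one JSON object per line with the hypothetical fields `src`, `method`, `uri` and `body`, because standard access logs do not record POST bodies; the sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Conservative allowlist for the signup email value; anything else is reported.
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")
# Characters and keywords that have no place in an email address but are
# typical of SQL syntax (quotes, statement/comment delimiters, query keywords).
SQL_MARKERS = re.compile(
    r"['\"`;]|--|#|/\*|\b(?:union|select|sleep|benchmark|or|and)\b", re.I)

# Constructed sample records (documentation IP ranges, hypothetical field names).
SAMPLE_LOG = """\
{"src":"198.51.100.7","method":"POST","uri":"/userSignup.php","body":"email=alice%40example.org&name=Alice"}
{"src":"203.0.113.9","method":"POST","uri":"/userSignup.php","body":"email=a%40b.c%27+OR+%271%27%3D%271"}
{"src":"203.0.113.9","method":"GET","uri":"/userSignup.php?email=x%27","body":""}
{"src":"198.51.100.7","method":"POST","uri":"/login.php","body":"email=x%27--"}
{"src":"192.0.2.44","method":"POST","uri":"/userSignup.php","body":"email=not-an-email"}
"""

def suspicious_signups(lines):
    """Return (line_no, source, reason) for each flagged POST to userSignup.php."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(rec, dict) or str(rec.get("method", "")).upper() != "POST":
            continue
        path = urlsplit(str(rec.get("uri", ""))).path
        if not path.lower().endswith("/usersignup.php"):
            continue
        # parse_qs percent-decodes the form body, so encoded quotes are seen in clear.
        fields = parse_qs(str(rec.get("body", "")), keep_blank_values=True)
        for value in fields.get("email", []):
            if EMAIL_OK.fullmatch(value):
                continue
            reason = "sql-syntax" if SQL_MARKERS.search(value) else "malformed-email"
            hits.append((line_no, rec.get("src"), reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_signups(SAMPLE_LOG.splitlines()):
        print(hit)
```

The allowlist is deliberately strict, so a legitimate address containing an apostrophe is also reported and needs analyst review.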

Detection coverage (2 rules)

Detect CVE-2018-25372 Exploitation — MedDream PACS Server SQL Injection Attempt

high

Detects CVE-2018-25372 exploitation — Suspicious POST requests to userSignup.php with SQL injection attempts in the email parameter

Format: sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver

Detect CVE-2018-25372 Exploitation - SQL Injection in userSignup.php via POST

high

Detects CVE-2018-25372 - Identifies SQL injection attempts targeting the email parameter in the userSignup.php endpoint using common SQL injection techniques.

Format: sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver
