{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/meddream-pacs-server-premium-6.7.1.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2018-25374"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MedDream PACS Server Premium 6.7.1.1"],"_cs_severities":["high"],"_cs_tags":["directory-traversal","web-application","CVE-2018-25374"],"_cs_type":"threat","_cs_vendors":["Softneta"],"content_html":"\u003cp\u003eCVE-2018-25374 is a directory traversal vulnerability affecting Softneta MedDream PACS Server Premium version 6.7.1.1. This vulnerability allows unauthenticated attackers to read arbitrary files on the server. By manipulating the \u003ccode\u003epath\u003c/code\u003e parameter in requests to the \u003ccode\u003enocache.php\u003c/code\u003e endpoint with encoded backslash sequences, attackers can bypass directory traversal protections and access sensitive files, potentially including system configuration files and password files. The vulnerability was reported on 2026-05-25 and poses a significant risk as it allows unauthorized access to sensitive information without requiring authentication. Exploitation is straightforward, increasing the likelihood of successful attacks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a MedDream PACS Server Premium 6.7.1.1 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003enocache.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a directory traversal payload into the \u003ccode\u003epath\u003c/code\u003e parameter using encoded backslash sequences (e.g., \u003ccode\u003e%2E%2E%2F\u003c/code\u003e for \u003ccode\u003e../\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe server processes the request without proper sanitization of the \u003ccode\u003epath\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe server attempts to read the file specified by the manipulated path, traversing directories outside of the intended web root.\u003c/li\u003e\n\u003cli\u003eIf successful, the server returns the contents of the targeted file in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information, such as configuration files or password hashes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25374 allows unauthenticated attackers to read arbitrary files on the affected server. This can lead to the disclosure of sensitive information, including system credentials, configuration details, and patient data. The vulnerability affects Softneta MedDream PACS Server Premium 6.7.1.1, potentially impacting healthcare organizations that rely on this software for medical image archiving and communication. Compromise of such data can lead to regulatory fines, reputational damage, and potential legal liabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect MedDream PACS Directory Traversal via nocache.php\u003c/code\u003e to identify exploitation attempts targeting CVE-2018-25374 by monitoring for encoded backslash sequences in requests to \u003ccode\u003enocache.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply appropriate input validation and sanitization to the \u003ccode\u003epath\u003c/code\u003e parameter in \u003ccode\u003enocache.php\u003c/code\u003e to prevent directory traversal, as outlined in the CVE-2018-25374 description.\u003c/li\u003e\n\u003cli\u003eReview the vendor\u0026rsquo;s website for potential patches or mitigation steps for CVE-2018-25374.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:15:51Z","date_published":"2026-05-26T14:15:51Z","id":"https://feed.craftedsignal.io/briefs/2026-05-meddream-directory-traversal/","summary":"Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability, tracked as CVE-2018-25374, allowing unauthenticated attackers to read arbitrary files by manipulating the path parameter in requests to nocache.php.","title":"Softneta MedDream PACS Server Premium Directory Traversal Vulnerability (CVE-2018-25374)","url":"https://feed.craftedsignal.io/briefs/2026-05-meddream-directory-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — MedDream PACS Server Premium 6.7.1.1","version":"https://jsonfeed.org/version/1.1"}