{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/meddream/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25372"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PACS Server Premium (6.7.1.1)"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25372","web-application","meddream"],"_cs_type":"advisory","_cs_vendors":["MedDream"],"content_html":"\u003cp\u003eMedDream PACS Server Premium version 6.7.1.1 is susceptible to an SQL injection vulnerability (CVE-2018-25372). This flaw enables unauthenticated attackers to inject malicious SQL code into the email parameter of the userSignup.php endpoint. By sending specially crafted POST requests, attackers can bypass authentication and execute arbitrary SQL queries against the backend MySQL database. This can lead to the extraction of sensitive information, potentially compromising patient data and system integrity. The vulnerability was reported on May 25, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies the \u003ccode\u003euserSignup.php\u003c/code\u003e endpoint as a potential target for SQL injection.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request containing SQL injection payloads within the \u003ccode\u003eemail\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted POST request to the \u003ccode\u003euserSignup.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe MedDream PACS Server processes the request without proper sanitization of the \u003ccode\u003eemail\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the backend MySQL database.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive data from the database, such as usernames, passwords, patient records, or other confidential information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can result in the unauthorized disclosure of sensitive patient data, potentially leading to violations of privacy regulations and reputational damage. Attackers may also be able to modify or delete data, disrupt system operations, or gain further access to the server. The number of affected installations is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest patches or upgrades provided by MedDream to address CVE-2018-25372.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect exploitation attempts targeting the \u003ccode\u003euserSignup.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003euserSignup.php\u003c/code\u003e containing SQL syntax in the \u003ccode\u003eemail\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:15:13Z","date_published":"2026-05-26T14:15:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-meddream-sql-injection/","summary":"MedDream PACS Server Premium 6.7.1.1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the email parameter via a crafted POST request to the userSignup.php endpoint.","title":"CVE-2018-25372 - MedDream PACS Server Premium Unauthenticated SQL Injection","url":"https://feed.craftedsignal.io/briefs/2026-05-meddream-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Meddream","version":"https://jsonfeed.org/version/1.1"}