
Description

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

Status: PUBLISHED | Reserved 2026-05-25 | Published 2026-05-25 | Updated 2026-05-26 | Assigner: VulnCheck




HIGH: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N)
HIGH: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

6.7.1.1: affected

Credits

Carlos Avila (finder)

References

www.exploit-db.com/exploits/45344 (ExploitDB-45344) exploit

www.vulncheck.com/...-server-premium-sql-injection-via-email (VulnCheck Advisory: MedDream PACS Server Premium 6.7.1.1 SQL Injection via email) third-party-advisory

cve.org (CVE-2018-25372)

nvd.nist.gov (CVE-2018-25372)
