SQL Injection Vulnerability in MedDream PACS Server Premium
CVE-2018-25372

8.8HIGH

Key Information:

Vendor: Meddream
Status: Pacs Server Premium
Vendor: CVE Published:; 25 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-25372?

The MedDream PACS Server Premium 6.7.1.1 is exposed to an SQL injection vulnerability that permits unauthorized users to execute arbitrary SQL commands. By manipulating the email parameter in POST requests directed to userSignup.php, malicious actors can inject crafted SQL payloads, enabling them to access sensitive information stored in the MySQL database. This critical flaw underscores the need for developers to validate user inputs and implement robust security measures to protect sensitive data.

Affected Version(s)

PACS Server Premium 6.7.1.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25372 - Proof of Concept

References

https://www.exploit-db.com/exploits/45344

exploit

https://www.vulncheck.com/advisories/meddream-pacs-server...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 25, 2026
👾
Exploit known to exist
May 25, 2026
Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

Credit

Carlos Avila

CVE-2018-25372 Data

JSON

Meddream

Badges

What is CVE-2018-25372?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit