CVE-2018-25372 HIGH

CVE-2018-25372: MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

Vendor Meddream
Product PACS Server Premium
Weakness CWE-89 · SQLi
Published May 25, 2026
Last update May 26, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

Key dates

02Disclosure timeline

May 25, 2026 CVE published
May 26, 2026 Record updated