CVE-2020-37009

High CVSS: 8.7

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2026-01-29 15:16:07

Güncelleme

2026-01-29 17:16:11

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 HIGH 2026

Referanslar

https://meddream.com/products/meddream-pacs-server/ https://www.exploit-db.com/exploits/48853 https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-execution https://www.exploit-db.com/exploits/48853