CVE-2020-37009

MedDream PACS Server 6.8.3.751 - Remote Code Execution

CVSS 8.7 HIGHEPSS 0.5%CWE-434

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 ene 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

MedDream · MedDream PACS Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://meddream.com/products/meddream-pacs-server/https://www.exploit-db.com/exploits/48853 https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-execution