CVE-2020-37009

MedDream PACS Server 6.8.3.751 - Remote Code Execution

CVSS 8.7 HIGHEPSS 0.5%CWE-434

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

MedDream · MedDream PACS Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://meddream.com/products/meddream-pacs-server/https://www.exploit-db.com/exploits/48853 https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-execution