Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Dicoogle PACS Web Server Path Traversal Vulnerability
Vulnerability
A path traversal vulnerability allowing unauthorized file access has been identified in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. It enables remote attackers to read arbitrary files on the server's file system by sending a request to the /exportFile endpoint whose UID parameter contains directory traversal sequences. Exploitation could disclose any sensitive information readable by the web server user.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server, with potential exposure of confidential information.
Reproduction
The vulnerability can be reproduced by sending a GET request to the /exportFile endpoint with a crafted UID parameter that includes directory traversal sequences. This request can be made using a web browser, curl, or a similar tool. The traversal depth can be adjusted to reach the desired file, such as the Windows win.ini file.
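As an added defender-side example (not code from the advisory or the Dicoogle project), the following Python scans constructed access-log lines for /exportFile requests whose UID parameter carries a `..` segment, including percent-encoded and double-encoded forms, and shows the server-side check a hardened handler could apply. The log format, the export root directory and the rule that a DICOM UID consists only of digits and dots are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not from Dicoogle or the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /exportFile?UID=1.2.840.113619.2.55 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /exportFile?UID=../../../../windows/win.ini HTTP/1.1" 200 92
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /exportFile?UID=%252e%252e%2F%252e%252e%2Fwindows%2Fwin.ini HTTP/1.1" 200 92
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 3000
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')  # a standalone '..' path segment

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '..' is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_export_traversal(log_text):
    """Return (client_ip, decoded_uid) for /exportFile requests whose
    UID parameter contains a '..' segment once all encoding is undone."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/exportFile":
            continue
        for uid in parse_qs(url.query, keep_blank_values=True).get("UID", []):
            decoded = decode_fully(uid).replace("\\", "/")  # treat '\' like '/'
            if TRAVERSAL_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits

def resolve_export_path(export_root, uid):
    """Check a hardened handler could apply (assumption, not Dicoogle's
    code): the UID must be digits and dots only, and the resolved file
    must be a direct child of export_root."""
    root = Path(export_root).resolve()
    if not re.fullmatch(r"[0-9.]{1,64}", uid):
        return None
    candidate = (root / uid).resolve()
    return candidate if candidate.parent == root else None
```

The second check still rejects a bare `..` or `.` even though both pass the character filter, because the resolved path no longer sits directly under the export root.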