Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

PacsOne Server Directory Traversal Vulnerability in DICOM Web Viewer Component

Vulnerability

A directory traversal vulnerability has been identified in PacsOne Server version 6.6.2, within the web-based DICOM viewer component. This vulnerability allows remote unauthenticated attackers to read arbitrary files by exploiting the 'path' parameter in the 'nocache.php' endpoint. Evidence of this exploitation was observed by the Shadowserver Foundation on February 7, 2025.

Impact

Exploitation of this vulnerability could lead to local file inclusion, allowing attackers to read sensitive files on the server.

Reproduction

To reproduce this vulnerability, send a GET request to the 'nocache.php' endpoint with a crafted 'path' parameter that traverses directories (using '../' sequences) to access arbitrary files. For example, targeting the Windows 'win.ini' file or the Linux '/etc/passwd' file would demonstrate the vulnerability.
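For defenders, the request pattern described above can be searched for in web server access logs. The following is an added example, not part of the original advisory or the vendor's code; the log format (Common/Combined Log Format), the `/EXAMPLE/` URL prefix, the function names and the sample log lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: logs are in Common/Combined Log Format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A ".." path segment delimited by "/" or "\" (or the string boundary).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide a '..' segment."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(lines):
    """Return one dict per nocache.php request whose 'path' value has a '..' segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/nocache.php"):
            continue
        # parse_qs decodes once; fully_decode normalises any remaining layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("path", []):
            decoded = fully_decode(raw)
            if TRAVERSAL_RE.search(decoded):
                hits.append({"ip": m.group("ip"),
                             "status": int(m.group("status")),
                             "path": decoded})
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder URL prefix).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /EXAMPLE/nocache.php?path=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1532',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /EXAMPLE/nocache.php?path=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92',
    '203.0.113.20 - - [01/Jan/2025:10:02:11 +0000] "GET /EXAMPLE/nocache.php?path=cache/img001.js HTTP/1.1" 200 48211',
    '203.0.113.20 - - [01/Jan/2025:10:02:15 +0000] "GET /EXAMPLE/index.php?path=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)  # review hits with status 200 first: the server answered them
```

Hits that returned status 200 are the ones to review first, since the advisory describes unauthenticated file reads.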

Added: Nov 10, 2025, 11:25 PM
Updated: Nov 10, 2025, 11:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 9.1
remediation: 0.0
relevance: 0.9
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.