MedDream PACS Server Premium SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in MedDream PACS Server Premium version 6.7.1.1. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Exploitation involves sending crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field, enabling attackers to extract sensitive information from the backend MySQL database.
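
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of MedDream's code: it flags POST requests to userSignup.php whose email field is not a plain address. The function name, the raw captured-request input, the form-urlencoded body and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allow-list for a plain address: no quotes, spaces, '%', ';', '#' or parentheses.
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def check_signup_request(raw):
    """Return a reason string if a captured HTTP request should be flagged, else None.

    Assumes (not stated in the advisory) a form-urlencoded request body.
    """
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2:
        return None
    method, target = parts[0], parts[1]
    path = urlsplit(target).path.lower()
    if method.upper() != "POST" or not path.endswith("/usersignup.php"):
        return None
    # parse_qs percent-decodes, so encoded quotes and spaces are checked in clear.
    for value in parse_qs(body, keep_blank_values=True).get("email", []):
        if not EMAIL_RE.fullmatch(value):
            return "email field is not a plain address: %r" % value
    return None

def _req(method, path, body=""):
    # Constructed sample request; host and path prefix are placeholders.
    return ("%s %s HTTP/1.1\r\nHost: pacs.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n%s"
            % (method, path, body))

BENIGN = _req("POST", "/userSignup.php", "email=alice%40example.org&name=Alice")
SUSPECT = _req("POST", "/userSignup.php", "email=a%40b.c%27+OR+%271%27%3D%271")
OTHER = _req("POST", "/login.php", "email=a%40b.c%27")

if __name__ == "__main__":
    for label, r in (("benign", BENIGN), ("suspect", SUSPECT), ("other", OTHER)):
        print(label, "->", check_signup_request(r))
```

Rejecting anything outside the allow-list, rather than matching known SQL keywords, means encoded or obfuscated input is flagged without the rule having to anticipate its form.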

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation within the database.

Added: May 26, 2026, 7:32 PM
Updated: May 26, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 3.1
exploitability: 9.1
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.