MedDream PACS Server Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in MedDream PACS Server version 6.8.3.751. This vulnerability allows authenticated users to upload malicious PHP files through the uploadImage.php endpoint. Once uploaded, these files can be executed to run arbitrary system commands with elevated privileges.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server.

Reproduction

To reproduce this vulnerability, authenticate as a user with upload privileges. Once logged in, navigate to the uploadImage.php endpoint and upload a PHP file containing a web shell. After the file is uploaded, it can be accessed via the upload directory, where the uploaded PHP shell can be executed to run commands on the server.

Remediation

Users are advised to update to the latest version of MedDream PACS Server. For MedDream PACS Premium, version 7.3.7.880 is available, and for MedDream PACS Lite, version 1.12.10.880 can be downloaded.
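To check whether the path described under Reproduction has already been used against a server, the following added example (not part of the original advisory or of MedDream's code) scans web access logs for successful requests to script files under the upload directory and correlates them with earlier POSTs to uploadImage.php. It assumes combined log format; `UPLOAD_DIR_PLACEHOLDER` stands in for the real upload directory, which the advisory does not name, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

UPLOAD_ENDPOINT = "uploadImage.php"       # endpoint named in the advisory
UPLOAD_DIR = "/UPLOAD_DIR_PLACEHOLDER/"   # placeholder: set to the real upload path

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Script extensions that should never be served from an image upload directory.
SCRIPT_RE = re.compile(r'\.(php\d?|phtml|phar)(/|$)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Jan/2026:10:01:02 +0000] "POST /app/uploadImage.php HTTP/1.1" 200 52',
    '198.51.100.7 - - [29/Jan/2026:10:01:09 +0000] "GET /UPLOAD_DIR_PLACEHOLDER/a.php?v=1 HTTP/1.1" 200 18',
    '203.0.113.9 - - [29/Jan/2026:10:05:00 +0000] "GET /UPLOAD_DIR_PLACEHOLDER/scan.jpg HTTP/1.1" 200 9001',
    '203.0.113.9 - - [29/Jan/2026:10:06:00 +0000] "GET /UPLOAD_DIR_PLACEHOLDER/b.PHP HTTP/1.1" 404 0',
    '203.0.113.9 - - [29/Jan/2026:10:07:00 +0000] "GET /UPLOAD_DIR_PLACEHOLDER/a.php HTTP/1.1" 200 18',
]


def find_suspicious(lines, upload_dir=UPLOAD_DIR):
    """Flag 2xx requests for script files under upload_dir; note prior uploads by the same IP."""
    uploaders = defaultdict(int)   # ip -> count of successful POSTs to the upload endpoint
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue               # skip malformed lines and failed requests
        path = unquote(m["path"].split("?", 1)[0])
        lowered = path.lower()     # compare case-insensitively
        if m["method"] == "POST" and lowered.endswith("/" + UPLOAD_ENDPOINT.lower()):
            uploaders[m["ip"]] += 1
        elif lowered.startswith(upload_dir.lower()) and SCRIPT_RE.search(lowered):
            findings.append({"ip": m["ip"], "time": m["ts"], "path": path,
                             "prior_upload": uploaders[m["ip"]] > 0})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Any hit is worth investigating regardless of `prior_upload`, since the upload and the later request can come from different addresses.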

Added: Jan 29, 2026, 3:33 PM
Updated: Jan 29, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.