MedDream PACS Server 6.8.3.751 - Remote Code Execution | Advisories

Advisories

MedDream PACS Server 6.8.3.751 - Remote Code Execution

severity: high
date: January 29, 2026
Affecting: MedDream PACS Server 6.8.3.751
CVE: CVE-2020-37009
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-48853
MedDream PACS Server Product Page
Credit: bzyo
Description: MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.