Vulnerability Database

300,926

Total vulnerabilities in the database

CVE-2018-25113

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.

Published: Jul 23, 2025
Updated: Nov 9, 2025
CVE: CVE-2018-25113
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/dicoogle_traversal.rb
https://www.exploit-db.com/exploits/45007
https://www.fortiguard.com/encyclopedia/ips/46527/dicoogle-pacs-web-server-directory-traversal
https://www.vulncheck.com/advisories/dicoogle-pacs-web-server-path-traversal

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo