QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25124

Published: Nov 10, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Vendor	Product	Versions
RainbowFish Software	PacsOne Server	affected `6.6.2`

Weaknesses (CWE)

References

https://www.exploit-db.com/exploits/43907

exploit

https://pacsone.net/download.htm

product

https://www.vulncheck.com/advisories/pacsone-server-dicom-web-viewer-directory-traversal-lfi

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.