PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

N/A

对路径名的限制不恰当(路径遍历)

Rainbowfish RainbowFish PacsOne Server 安全漏洞

Rainbowfish RainbowFish PacsOne Server是美国彩虹软件（Rainbowfish）公司的一种图片存档和通信系统服务器。该系统应用于保存接收到的图像。 Rainbowfish RainbowFish PacsOne Server 6.6.2版本存在安全漏洞，该漏洞源于web-based DICOM viewer组件存在目录遍历，可能导致远程未经验证的攻击者通过特制path参数读取任意文件。

N/A

N/A