Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability
Vulnerability Description
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21579.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Santesoft Sante PACS Server 安全漏洞
Vulnerability Description
Santesoft Sante PACS Server是塞浦路斯Santesoft公司的一个符合 DICOM 3.0 的PACS 服务器、Modality Worklist 服务器、 用于 DICOM 文件的 HTTP(Web)服务器以及 CD/DVD 刻录和打印服务器。用于存储、存档、管理、查看和刻录医学图像。 Santesoft Sante PACS Server存在安全漏洞,该漏洞源于DICOM 服务存在特定缺陷,该服务默认侦听 TCP 端口 11122,解析 PATIENT 记录的 NAME 元素
CVSS Information
N/A
Vulnerability Type
N/A