Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
Vulnerability Description
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Sante PACS Server 路径遍历漏洞
Vulnerability Description
Santesoft Sante PACS Server是塞浦路斯Santesoft公司的一个符合 DICOM 3.0 的PACS 服务器、Modality Worklist 服务器、 用于 DICOM 文件的 HTTP(Web)服务器以及 CD/DVD 刻录和打印服务器。用于存储、存档、管理、查看和刻录医学图像。 Sante PACS Server存在路径遍历漏洞,该漏洞源于在文件操作中使用用户提供的路径之前没有对其进行适当的验证。攻击者利用该漏洞可以写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A