CVE-2020-37009
Unknown
Unknown - Not Provided
Authenticated Remote Code Execution in MedDream PACS Server Upload Endpoint
Vulnerability report for CVE-2020-37009, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Description
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meddream | meddream_pacs_server | 6.8.3.751 |
| meddream | meddream_pacs_server | 6.8.3.1.751 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |