CVE-2020-37009

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) MedDream PACS Server 6.8.3.751 contiene una vulnerabilidad de ejecución remota de código autenticada que permite a usuarios autorizados subir archivos PHP maliciosos. Los atacantes pueden explotar el endpoint uploadImage.php autenticándose y subiendo un shell PHP para ejecutar comandos de sistema arbitrarios con privilegios elevados.

29 Jan 2026, 17:16

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/48853 - () https://www.exploit-db.com/exploits/48853 -

29 Jan 2026, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-29 15:16

Updated : 2026-06-17 03:16


NVD link : CVE-2020-37009

Mitre link : CVE-2020-37009

CVE.ORG link : CVE-2020-37009


JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type