Carlos Avila

10 exploits | Active since Jul 2025
CVE-2019-25678 EXPLOITDB HIGH text WORKING POC
C4G BLIS 3.4 SQL Injection via users_select.php
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
CVSS 8.2
CVE-2019-25438 EXPLOITDB HIGH text WRITEUP
LabCollector 5.423 - SQL Injection
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
CVSS 7.5
CVE-2018-25124 EXPLOITDB HIGH text WORKING POC
PacsOne Server <6.6.2 - Path Traversal
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
CVE-2018-25113 EXPLOITDB HIGH text WORKING POC
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
CVE-2018-25113 METASPLOIT HIGH ruby WORKING POC
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
EIP-2026-112333 EXPLOITDB text WORKING POC
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
EIP-2026-110444 EXPLOITDB text WORKING POC
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
EIP-2026-109382 EXPLOITDB text WORKING POC
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
EIP-2026-109116 EXPLOITDB text WORKING POC
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
EIP-2026-105726 EXPLOITDB text WRITEUP
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection