Carlos Avila

10 exploits Active since Jul 2025
CVE-2019-25728 EXPLOITDB HIGH text WRITEUP
Care2x 2.7 Hospital Information System SQL Injection via ck_config
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication.
CVSS 8.2
CVE-2018-25374 EXPLOITDB HIGH text WORKING POC
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
CVSS 7.5
CVE-2018-25372 EXPLOITDB HIGH text WORKING POC
MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.
CVSS 8.2
CVE-2019-25678 EXPLOITDB HIGH text WORKING POC
C4G BLIS 3.4 SQL Injection via users_select.php
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
CVSS 8.2
CVE-2019-25438 EXPLOITDB HIGH text WRITEUP
LabCollector 5.423 - Unauthenticated SQL Injection via login.php or retrieve_password.php Parameters
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
CVSS 7.5
CVE-2018-25124 EXPLOITDB HIGH text WORKING POC
PacsOne Server <6.6.2 - Path Traversal
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
CVE-2018-25113 EXPLOITDB HIGH text WORKING POC
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
CVE-2018-25113 METASPLOIT HIGH ruby WORKING POC
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
EIP-2026-110444 EXPLOITDB text WORKING POC
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
EIP-2026-109116 EXPLOITDB text WORKING POC
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions