CVE-2018-25113

HIGH

Dicoogle PACS Web Server <2.5.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-25113. PoCs were published by Carlos Avila and h00die, including the Metasploit module auxiliary/scanner/http/dicoogle_traversal.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Dicoogle PACS 2.5.0 via the 'UID' parameter in a GET request, allowing an attacker to read arbitrary files accessible to the web user.

Description

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.

Exploits (2)

exploitdb · Working PoC · Verified
by Carlos Avila · text · webapps · multiple
https://www.exploit-db.com/exploits/45007

This exploit demonstrates a directory traversal vulnerability in Dicoogle PACS 2.5.0 via the 'UID' parameter in a GET request, allowing an attacker to read arbitrary files accessible to the web user.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Dicoogle PACS 2.5.0-20171229_1522
Authentication: none needed
Prerequisites: Network access to the target server · Dicoogle PACS 2.5.0 running on the target
Analysis: devstral-2 · analyzed Feb 16, 2026
metasploit · Working PoC
by Carlos Avila, h00die · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/dicoogle_traversal.rb

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Dicoogle PACS Web Server v2.5.0, allowing arbitrary file reads via a crafted GET request to the '/exportFile' endpoint with a traversal payload in the 'UID' parameter.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Dicoogle PACS Web Server v2.5.0 and earlier
Authentication: none needed
Prerequisites: Network access to the target server · Target running Dicoogle PACS Web Server on Windows
Analysis: devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 8.7
EPSS: 0.7029
EPSS Percentile: 98.7%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): Dicoogle Project/PACS Web Server 2.5.0
Published: Jul 23, 2025
Tracked Since: Feb 18, 2026