CVE-2020-37009

HIGH

MedDream PACS Server 6.8.3.751 - Authenticated RCE

Title source: llm

Description

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

Exploits (1)

exploitdb WORKING POC
by bzyo · python · webapps · php
https://www.exploit-db.com/exploits/48853

Scores

CVSS v3 8.8
EPSS 0.0026
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-434
Status draft

Timeline

Published Jan 29, 2026
Tracked Since Feb 18, 2026