PatchSiren

MedDream CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH MedDream CVE published 2026-05-25

CVE-2018-25372

MedDream PACS Server Premium 6.7.1.1 contains an unauthenticated SQL injection vulnerability in the userSignup.php endpoint. The endpoint does not properly sanitize the email parameter, so attackers can inject malicious SQL payloads via crafted POST requests. Successful exploitation enables arbitrary SQL query execution against the backend MySQL database, potentially exposing sensitive patient data, au [truncated]