CNNVD-202511-887 Information
CNNVD ID
CNNVD-202511-887
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
Rainbowfish RainbowFish PacsOne Server是美国彩虹软件(Rainbowfish)公司的一种图片存档和通信系统服务器。该系统应用于保存接收到的图像。 Rainbowfish RainbowFish PacsOne Server 6.6.2版本存在安全漏洞,该漏洞源于web-based DICOM viewer组件存在目录遍历,可能导致远程未经验证的攻击者通过特制path参数读取任意文件。
Description (English)
Rainbowfish RainbowFish PacsOne Server is a photo filing and communication system server for Rainbowfish. The system should be used to preserve the images received. There is a security loophole in version 6.6.2 of Rainbowfish RainbowFish PacsOne Server, which stems from the existence of a directory of the web-based DICOM viewer component, which may lead to remote unverified assailants reading any file through a special path parameter.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
彩虹软件
Published
2025-11-10
Last Modified
2026-02-24
References
https://pacsone.net/download.htm https://www.exploit-db.com/exploits/43907 https://www.vulncheck.com/advisories/pacsone-server-dicom-web-viewer-directory-traversal-lfi https://access.redhat.com/security/cve/cve-2018-25124
Patch
https://pacsone.net/download.htm
Share on: