Vulnerabilities ›

CVE-2018-25372

High

CWE-89 — Weakness Type

                    Published: May 25, 2026                      ·  Modified: Jun 1, 2026                      ·  Source: NVD                

CVSS v3

8.2

🔗 NVD Official

📄 Description (English)

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

🤖 AI Executive Summary

CVE-2018-25372 is a critical SQL injection vulnerability in MedDream PACS Server Premium 6.7.1.1 that allows unauthenticated attackers to execute arbitrary SQL queries through the email parameter in the userSignup.php endpoint. This vulnerability enables direct access to sensitive healthcare data stored in the backend MySQL database, posing severe risks to patient privacy and data confidentiality. With a CVSS score of 8.2 and no available patch, immediate mitigation is essential for healthcare organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 28, 2026 23:51

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses critical risk to Saudi healthcare sector, particularly hospitals and diagnostic centers using MedDream PACS. Affected organizations include major healthcare providers under MOH, private hospitals, and diagnostic imaging centers. The vulnerability enables unauthorized access to Protected Health Information (PHI) including patient records, medical histories, and imaging data, violating GDPR and Saudi healthcare data protection regulations. Banking and financial sectors are at secondary risk if integrated with healthcare payment systems. The lack of authentication requirement makes this vulnerability particularly dangerous for Saudi healthcare infrastructure.

🏢 Affected Saudi Sectors

Healthcare Diagnostic Imaging Centers Hospitals Medical Research Institutions Government Health Agencies Private Healthcare Providers

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1566 - Phishing (if email parameter exploited via email) T1005 - Data from Local System T1213 - Data from Information Repositories T1040 - Network Sniffing T1557 - Adversary-in-the-Middle T1110 - Brute Force T1021 - Remote Services

⚖️ Saudi Risk Score (AI)

8.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all instances of MedDream PACS Server Premium 6.7.1.1 in your environment and isolate affected systems from production networks if possible

2. Implement network-level access controls to restrict access to userSignup.php endpoint to authorized users only

3. Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in email parameter (detect: UNION, SELECT, INSERT, DROP, OR 1=1, etc.)

4. Enable comprehensive logging and monitoring of all requests to userSignup.php endpoint

PATCHING GUIDANCE:

1. Contact MedDream vendor immediately for security updates or patches

2. If no patch is available, consider upgrading to a newer version of MedDream PACS if available

3. Evaluate alternative PACS solutions with better security posture

COMPENSATING CONTROLS:

1. Implement input validation and sanitization at application level - whitelist allowed email formats

2. Use parameterized queries/prepared statements for all database interactions

3. Apply principle of least privilege to database user accounts (restrict SELECT, INSERT, UPDATE, DELETE permissions)

4. Implement database activity monitoring (DAM) to detect suspicious SQL queries

5. Encrypt sensitive data at rest and in transit (TLS 1.2+)

6. Conduct regular security audits and penetration testing

DETECTION RULES:

1. Monitor POST requests to userSignup.php with SQL keywords in email parameter

2. Alert on database queries containing UNION, SELECT, OR operators from application user

3. Track failed authentication attempts and unusual database access patterns

4. Implement IDS/IPS signatures for SQL injection attacks targeting email fields

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حدد جميع نسخ خادم MedDream PACS Premium 6.7.1.1 في بيئتك وعزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن

2. طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة نهاية userSignup.php للمستخدمين المصرح لهم فقط

3. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معامل البريد الإلكتروني

4. فعّل التسجيل والمراقبة الشاملة لجميع الطلبات إلى نقطة نهاية userSignup.php

إرشادات التصحيح:

1. اتصل بمورد MedDream فورًا للحصول على تحديثات أمان أو تصحيحات

2. إذا لم يكن هناك تصحيح متاح، فكر في الترقية إلى إصدار أحدث من MedDream PACS إن أمكن

3. قيّم حلول PACS البديلة ذات وضعية أمان أفضل

عناصر التحكم التعويضية:

1. طبق التحقق من صحة المدخلات والتطهير على مستوى التطبيق - قائمة بيضاء بصيغ البريد الإلكتروني المسموحة

2. استخدم الاستعلامات المعاملة/البيانات المحضرة لجميع تفاعلات قاعدة البيانات

3. طبق مبدأ أقل امتياز على حسابات مستخدمي قاعدة البيانات

4. طبق مراقبة نشاط قاعدة البيانات (DAM) للكشف عن استعلامات SQL المريبة

5. شفّر البيانات الحساسة أثناء السكون والنقل (TLS 1.2+)

6. أجرِ عمليات تدقيق أمان واختبار اختراق منتظمة

قواعد الكشف:

1. راقب طلبات POST إلى userSignup.php بكلمات مفاتيح SQL في معامل البريد الإلكتروني

2. أصدر تنبيهات على استعلامات قاعدة البيانات التي تحتوي على عوامل UNION أو SELECT أو OR من مستخدم التطبيق

3. تتبع محاولات المصادقة الفاشلة وأنماط الوصول غير العادية إلى قاعدة البيانات

4. طبق توقيعات IDS/IPS لهجمات حقن SQL التي تستهدف حقول البريد الإلكتروني

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Secure development policy and procedures ECC 2024 A.14.2.5 - Secure development environment ECC 2024 A.13.1.1 - Network security perimeter ECC 2024 A.13.1.3 - Segregation of networks ECC 2024 A.12.4.1 - Event logging ECC 2024 A.12.4.3 - Administrator and operator logs

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Business objectives and strategies SAMA CSF PR.AC-1 - Access control policy SAMA CSF PR.DS-1 - Data security management SAMA CSF DE.AE-1 - Anomalies and events detection SAMA CSF RS.MI-1 - Incident response procedures

🟡 ISO 27001:2022

ISO 27001:2022 A.5.1 - Policies for information security ISO 27001:2022 A.6.1 - Organization of information security ISO 27001:2022 A.8.1 - User endpoint devices ISO 27001:2022 A.8.2 - Privileged access rights ISO 27001:2022 A.8.3 - Information access restriction ISO 27001:2022 A.14.2 - Secure development ISO 27001:2022 A.12.4 - Logging

🟣 PCI DSS v4.0.1

PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 6.2 - Security patches and updates PCI DSS 10.2 - User access logging PCI DSS 10.3 - Logging of administrative actions

🔗 References & Sources 2

🔗

https://www.exploit-db.com/exploits/45344

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/meddream-pacs-server-premium-sql-injection-via-email

disclosure@vulncheck.com

📊 CVSS Score

8.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score8.2

CWECWE-89

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-05-25

Source Feed nvd

🇸🇦 Saudi Risk Score

8.8

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-89

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2018-25372

Introduce Yourself

Sign In Required