What is GHSA-pjg3-5886-3fjh?

GHSA-pjg3-5886-3fjh is a security advisory published by GitHub Security Advisories with High severity. MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows...

Which CVE IDs does GHSA-pjg3-5886-3fjh cover?

GHSA-pjg3-5886-3fjh covers the following CVE IDs: CVE-2018-25372. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-pjg3-5886-3fjh?

GHSA-pjg3-5886-3fjh has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-pjg3-5886-3fjhHighCVSS 8.2

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25372 →

📋 Description

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2018-25372
https://www.exploit-db.com/exploits/45344
https://www.vulncheck.com/advisories/meddream-pacs-server-premium-sql-injection-via-email
https://github.com/advisories/GHSA-pjg3-5886-3fjh