2025-11-10 22:32:03
VulnCheck
PUBLISHED
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the nocache.php endpoint with a crafted path parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.