Cyber Resilience

CVE-2018-25372

HighPublic PoC

Published: 25 May 2026

Published
25 May 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 22.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2018-25372 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, ranked at the 22.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads…

more

in the email field to extract sensitive database information from the backend MySQL database.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-26709Shared CWE-89
CVE-2026-24956Shared CWE-89
CVE-2021-47980Shared CWE-89
CVE-2018-25199Shared CWE-89
CVE-2026-27179Shared CWE-89
CVE-2026-33615Shared CWE-89
CVE-2025-0308Shared CWE-89
CVE-2025-28939Shared CWE-89
CVE-2019-25581Shared CWE-89
CVE-2026-27885Shared CWE-89

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

References