Santesoft Sante Pacs Server vulnerabilities
18 known vulnerabilities affecting santesoft/sante_pacs_server.
Total CVEs
18
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH8MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2025-2264P1HIGHCVSS 7.5ExploitedPoCv4.1.02025-03-13
CVE-2025-2264 [HIGH] CWE-22 CVE-2025-2264: A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthen
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
nvd
CVE-2022-2272P2CRITICALCVSS 9.8v3.0.42022-08-03
CVE-2022-2272 [CRITICAL] CWE-89 CVE-2022-2272: This vulnerability allows remote attackers to bypass authentication on affected installations of San
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied
nvd
CVE-2024-1863P2CRITICALCVSS 9.8fixed in 3.3.62024-04-01
CVE-2024-1863 [CRITICAL] CWE-89 CVE-2024-1863: Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerabili
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HTTP requests on port 3000. When parsi
nvd
CVE-2023-51637P2CRITICALCVSS 9.8fixed in 3.3.72024-05-22
CVE-2023-51637 [CRITICAL] CWE-89 CVE-2023-51637: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerabi
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the DICOM service, which li
nvd
CVE-2025-2263P2CRITICALCVSS 9.8v4.1.02025-03-13
CVE-2025-2263 [CRITICAL] CWE-121 CVE-2025-2263: During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is cal
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attac
nvd
CVE-2025-53948P3HIGHCVSS 7.5fixed in 4.2.32025-08-18
CVE-2025-53948 [HIGH] CWE-415 CVE-2025-53948: The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 mes
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
nvd
CVE-2025-2284P3HIGHCVSS 7.5v4.1.02025-03-13
CVE-2025-2284 [HIGH] CWE-824 CVE-2025-2284: A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Ser
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
nvd
CVE-2025-0568P3HIGHCVSS 7.5fixed in 4.0.102025-01-30
CVE-2025-0568 [HIGH] CWE-119 CVE-2025-0568: Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerabi
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results
nvd
CVE-2025-0569P3HIGHCVSS 7.5fixed in 4.0.102025-01-30
CVE-2025-0569 [HIGH] CWE-119 CVE-2025-0569: Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerabi
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results
nvd
CVE-2025-0574P3HIGHCVSS 7.5fixed in 4.0.102025-01-30
CVE-2025-0574 [HIGH] CWE-119 CVE-2025-0574: Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability all
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of URLs in the web server module. The i
nvd
CVE-2025-2265P3HIGHCVSS 7.8v4.1.02025-03-13
CVE-2025-2265 [HIGH] CWE-916 CVE-2025-2265: The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, b
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte
nvd
CVE-2025-54156P3HIGHCVSS 7.5fixed in 4.2.32025-08-18
CVE-2025-54156 [HIGH] CWE-319 CVE-2025-54156: The Sante PACS Server Web Portal sends credential information without encryption.
The Sante PACS Server Web Portal sends credential information without encryption.
nvd
CVE-2025-0570P3MEDIUMCVSS 6.5fixed in 4.0.102025-01-30
CVE-2025-0570 [MEDIUM] CWE-119 CVE-2025-0570: Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Thi
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issu
nvd
CVE-2025-0571P3MEDIUMCVSS 6.5fixed in 4.0.102025-01-30
CVE-2025-0571 [MEDIUM] CWE-119 CVE-2025-0571: Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Thi
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issu
nvd
CVE-2025-0573P3MEDIUMCVSS 5.3fixed in 4.0.102025-01-30
CVE-2025-0573 [MEDIUM] CWE-22 CVE-2025-0573: Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vuln
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from th
nvd
CVE-2025-0572P4MEDIUMCVSS 4.3fixed in 4.0.102025-01-30
CVE-2025-0572 [MEDIUM] CWE-22 CVE-2025-0572: Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results
nvd
CVE-2025-54759P4MEDIUMCVSS 6.1fixed in 4.2.32025-08-18
CVE-2025-54759 [MEDIUM] CWE-79 CVE-2025-54759: Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious H
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
nvd
CVE-2025-54862P4MEDIUMCVSS 5.4fixed in 4.2.32025-08-18
CVE-2025-54862 [MEDIUM] CWE-79 CVE-2025-54862: Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
nvd