By kannthu
This module detects critical vulnerabilities in ECSIMAGING PACS Application version 6.21.5 and below: a command injection vulnerability and a local file inclusion vulnerability.
The command injection vulnerability allows an attacker to execute arbitrary commands on the affected system. This can lead to unauthorized access, data leakage, and potential compromise of the entire system.
The local file inclusion vulnerability allows an attacker to include local files on the server, which can result in the disclosure of sensitive information, such as configuration files or even source code.
The module sends an HTTP GET request to the endpoint /showfile.php?file=/etc/passwd in the ECSIMAGING PACS application. It then evaluates two matching conditions:
When both matching conditions are met, the module reports the vulnerability, indicating the presence of a command injection and local file inclusion vulnerability in the ECSIMAGING PACS application.
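For defenders, the request described above can be spotted in web server access logs. The following is an added example, not part of the Vidoc module: it assumes the Apache/nginx "combined" log format, uses constructed sample lines, and goes slightly beyond the page by also flagging ../ traversal values in the file parameter. The function and variable names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" access-log format is assumed; adjust for your server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

SAMPLE_LOG = [  # constructed sample lines (documentation IP ranges), not real traffic
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /showfile.php?file=/etc/passwd HTTP/1.1" 200 1843 "-" "scanner"',
    '203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /showfile.php?file=%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 210 "-" "scanner"',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /showfile.php?file=study_1001.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def fully_decode(value):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value

def classify(value):
    """Reasons a decoded file= value points outside a document folder."""
    reasons = ["absolute-path"] if value.startswith("/") else []
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("traversal")
    return reasons

def find_showfile_probes(lines):
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/showfile.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
            value = fully_decode(raw)
            reasons = classify(value)
            if reasons:
                hits.append({"ip": m["ip"], "file": value,
                             "status": int(m["status"]), "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_showfile_probes(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves priority, since it means the server answered the request rather than rejecting it.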