CVE-2020-29163
Description
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- PacsOne Server/PacsOne Server
- Range: <7.1.1
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization in SQL query construction allows injection of arbitrary SQL commands."
Attack vector
An attacker can inject malicious SQL statements through user-supplied input fields in the PacsOne Server web interface. Because the application fails to sanitize or parameterize these inputs before constructing database queries, the attacker can manipulate the SQL logic to extract, modify, or delete sensitive data stored in the underlying MySQL database. The attack is performed over HTTP/HTTPS and requires no special privileges beyond network access to the PacsOne web application [ref_id=1].
Affected code
The advisory does not specify the exact file or function containing the SQL injection vulnerability. The vendor's download page lists version 7.1.1 as the affected threshold but does not provide a patch diff or source-level details.
What the fix does
The advisory does not include a published patch or code diff. The vendor's version history indicates that the vulnerability was addressed in release 7.1.1, but no specific remediation details (e.g., use of prepared statements or input validation) are disclosed in the available reference [ref_id=1].
Preconditions
- Network: network access to the PacsOne Server web interface (HTTP/HTTPS).
- Config: the application must be running a version below 7.1.1.
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d (mitre, x_refsource_MISC)
- pacsone.net/download.htm (mitre, x_refsource_MISC)