Grafana Image Renderer 插件 需授权 文件上传限制不当漏洞 可导致远程代码执行

漏洞描述

PoC代码

暂无

相关漏洞推荐

• POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
• POC CVE-2025-55303: Astro - Unauthorized Third-Party Image Access
• POC CVE-2019-14206: Nevma Adaptive Images - Arbitrary File Deletion
• POC grafana-unauth-access: Grafana Unauthenticated Access
• POC wordpress-menu-image-fpd: WordPress Menu Image - Full Path Disclosure
• POC grafana-metrics-exposure: Grafana Metrics Endpoint - Information Disclosure
• POC imageresizer-debug-exposure: ImageResizer Debug - Information Exposure
• POC wp-image-widget-fpd: Image Widget - Full Path Disclosure
• POC JNPF快速开发平台 /api/file/Image/userAvatar/aa 文件读取漏洞
• POC CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
• 关于U8cloud系统2.5-5.1sp版本getImageURL接口存在拒绝服务漏洞的安全公告
• Grafana Grafana 权限管理不当漏洞
• POC CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File