漏洞描述
Pimcore是一款开源的企业级内容管理系统(CMS). Pimcore 中存在sql注入漏洞,该漏洞是由于grid-proxy接口对用户的请求验证不当导致的。
Pimcore grid-proxy CVE-2023-47637 SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- Tautulli /real_pms_image_proxy 目录遍历漏洞(CVE-2025-58761)
- Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419)
- LobeChat /api/proxy 服务器端请求伪造漏洞(CVE-2024-32964)
- POC CVE-2021-3019: ffay lanproxy Directory Traversal
- POC CVE-2023-1496: Imgproxy < 3.14.0 - Cross-site Scripting (XSS)
- POC CVE-2023-30019: Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)
- POC CVE-2021-3019: Lanproxy Directory Traversal
- POC alibaba-anyproxy-fetchbody-anyfile-read: Alibaba AnyProxy fetchBody 任意文件读取漏洞
- POC founder-image-proxy-do-fileread: 方正畅享全媒体新闻采编系统 imageProxy.do 任意文件读取
- POC yonyou-grp-u8-app-proxy-uploadfile: 用友 GRP-U8 U8AppProxy 任意文件上传
- POC yonyou-grp-u8-proxy-xxe-sqli: 用友 GRP-U8 Proxy XXE-SQL注入漏洞
- POC nginx-proxy-manager-default-login: Nginx Proxy Manager - Default Login
- POC haproxy-config-file: Haproxy Config - File Disclosure