Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HPi Hole
APPPi-Hole< 5.18.3
Powiązane podatności
Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHC...
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of th...
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-s...
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statis...