Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NPi Hole
APPPi-Hole< 6.0
Powiązane podatności
Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHC...
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side softw...
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-s...
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statis...