Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HPi Hole
APPPi-Hole≤ 4.3.2
CISA KEV — detailsi
- Vendori
- Pi-hole
- Producti
- AdminLTE
- Added to KEVi
- December 10, 2021
- Remediation deadline (US Federal)i
- June 10, 2022(overdue)
Apply updates per vendor instructions.
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Related vulnerabilities
Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of th...
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side softw...
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-s...
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statis...