HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-8816

CVSS 7.2v3.1pub. 2020-05-29upd. 2025-11-10

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Pi Hole

    APP
    Pi-Hole
    ≤ 4.3.2

CISA KEV — detailsi

Vendori
Pi-hole
Producti
AdminLTE
Added to KEVi
December 10, 2021
Remediation deadline (US Federal)i
June 10, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 10 czerwca 2022
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2025-34087CRITICAL9.0PL ✓ten sam produkt

Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS

CVE-2024-44069HIGH7.5ten sam produkt

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of th...

CVE-2024-34361HIGH8.5ten sam produkt

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side softw...

CVE-2024-28247HIGH7.6ten sam produkt

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-s...

CVE-2021-32706HIGH7.6ten sam produkt

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statis...