CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34361 – Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-34361
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue. Pi-hole es un sumidero de DNS que protege los dispositivos de contenido no deseado sin instalar ningún software del lado del cliente. • https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE https://github.com/pi-hole/pi-hole/commit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28247 – Pihole Authenticated Arbitrary File Read with root privileges
https://notcve.org/view.php?id=CVE-2024-28247
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. • https://github.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read https://github.com/pi-hole/pi-hole/commit/f3af03174e676c20e502a92ed7842159f2fdeb7e https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23614 – Improper session handling of "Remember me for 7 days" functionality
https://notcve.org/view.php?id=CVE-2023-23614
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the hash" to login or reuse a theoretically expired "remember me" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn't change. • https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m • CWE-613: Insufficient Session Expiration CWE-836: Use of Password Hash Instead of Password for Authentication •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 2CVE-2022-23513 – Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
https://notcve.org/view.php?id=CVE-2022-23513
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. Pi-Hole es un bloqueador de anuncios en toda la red a través de su propio hardware Linux, AdminLTE es un panel de Pi-hole para estadísticas y más. • https://www.exploit-db.com/exploits/51705 http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html https://github.com/pi-hole/AdminLTE/releases/tag/v5.18 https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31029 – Authenticated XSS in Pi-hole AdminLTE
https://notcve.org/view.php?id=CVE-2022-31029
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. • https://github.com/pi-hole/AdminLTE/commit/b07372bd426ca8111824a0244dc89d07a7243509 https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-cfr5-rqm5-9vhp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •