Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pi-hole pi-hole 5.0 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-35591
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes ...
Pi-hole Pi-hole 5.0
Pi-hole Pi-hole 5.1
Pi-hole Pi-hole 5.1.1
3.5
CVSSv2
CVE-2020-35592
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the ...
Pi-hole Pi-hole 5.0
Pi-hole Pi-hole 5.1
Pi-hole Pi-hole 5.1.1
7.2
CVSSv2
CVE-2020-14162
An issue exists in Pi-Hole up to and including 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an malicious user to obtain root access via shell metacharacters to this script's setdns command.
Pi-hole Pi-hole
4.6
CVSSv2
CVE-2020-14971
Pi-hole up to and including 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php....
Pi-hole Pi-hole
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started