CVE-2020-11108

Published: 11/05/2020 Updated: 27/05/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.

Vulnerable Product

pi-hole pi-hole

Exploits

This Metasploit module exploits a command execution in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively running a privilege escalation. Pha ...
Pi-hole version 4.4.0 suffers from a remote code execution vulnerability ...

Github Repositories

Read Me :)

"Hello there" My name is Nick Frichette and I'm a Senior Security Researcher, primarily focused on cloud, web application, and CI/CD exploitation. Previously, I worked as a Penetration Tester and Team Lead for a large financial services company. In addition, I'm the creator and primary maintainer of Hacking the Cloud, an encyclopedia of the techniques that o

PoCs for CVE-2020-11108; an RCE and priv esc in Pi-hole

CVE-2020-11108-PoC

Two PoCs are in this repo. cve-2020-11108-rce.py will give you a shell as the www-data user. root-cve-2020-11108-rce.py will give you a shell and escalate privileges to root. Note: This is destructive as we must overwrite teleporter.php. For a full explanation/writeup please see this blog post.