5.3

CVE-2022-23513

Exploit

EPSS 7.68%
Veröffentlicht 23.12.2022 00:15:08
Zuletzt bearbeitet 11.04.2025 14:48:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on  `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path:
`/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pi-hole ≫ Adminlte Version <= 5.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.68%	0.917

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html

Exploit

https://github.com/pi-hole/AdminLTE/releases/tag/v5.18

Third Party Advisory

Release Notes

https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-23513

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23513

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23513

EUVD