CVE-2025-34087
- EPSS 46.72%
- Veröffentlicht 03.07.2025 19:46:49
- Zuletzt bearbeitet 01.10.2025 14:08:35
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the doma...
CVE-2022-23513
- EPSS 7.68%
- Veröffentlicht 23.12.2022 00:15:08
- Zuletzt bearbeitet 11.04.2025 14:48:51
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` ...
CVE-2022-31029
- EPSS 0.24%
- Veröffentlicht 07.07.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:44
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will ...