CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-8816

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score89.3440%
EPSS Percentile86.16th
Published2020年5月29日
Last Modified2025年11月10日

Vulnerability Description

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Affected Platforms (CPE)

📦
Pi Hole

Pi Hole

<= 4.3.2

References & Advisories

🔗 http://packetstormsecurity.com/files/157861/Pi-Hole-4.3.2-DHCP-MAC-OS-Command-Execution.html
🔗 http://packetstormsecurity.com/files/158737/Pi-hole-4.3.2-Remote-Code-Execution.html
🔗 https://github.com/pi-hole/AdminLTE/commits/master
🔗 https://github.com/pi-hole/AdminLTE/pull/1165
🔗 https://github.com/pi-hole/AdminLTE/releases/tag/v4.3.3
🔗 https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
🔗 https://twitter.com/Nate_Kappa/status/1243900213665902592?s=20
🔗 http://packetstormsecurity.com/files/157861/Pi-Hole-4.3.2-DHCP-MAC-OS-Command-Execution.html

相關漏洞威脅

CVE-2008-718910.0

Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security...

CVE-2005-484710.0

Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could l...

CVE-2004-240710.0

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the...

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL