← back
CVE-2020-14162

CVE-2020-14162

EPSS 0.6%
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://0xpanic.github.io/2020/07/21/Pihole.htmlhttps://docs.pi-hole.net/core/pihole-command/