VYPR

pihole core script

by Pi Hole

CVEs (1)

  • CVE-2020-14162HigJul 30, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.