Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pi-hole Gravity updater 代码问题漏洞
Vulnerability Description
Pi-hole是Pi-hole公司的一款网络级广告拦截应用程序。Gravity updater是使用在其中的一个自动更新插件。 Pi-hole 4.4及之前版本中的Gravity updater的gravity_DownloadBlocklistFromUrl存在安全漏洞。攻击者可利用该漏洞向Web目录中写入PHP文件,执行代码。
CVSS Information
N/A
Vulnerability Type
N/A