Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
Vulnerability Description
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Pi-hole 访问控制错误漏洞
Vulnerability Description
Pi-hole是Pi-hole公司的一款网络级广告拦截应用程序。 Pi-hole 存在访问控制错误漏洞,该漏洞源于根服务器路径上的代码缺乏验证。
CVSS Information
N/A
Vulnerability Type
N/A