Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection
Vulnerability Description
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, the application performs a redirect without properly sanitizing the input. An attacker can inject carriage return and line feed characters (%0d%0a) to manipulate both the headers and the content of the HTTP response. This enables the injection of arbitrary HTTP response headers, potentially leading to session fixation, cache poisoning, and the weakening or bypassing of browser-based security mechanisms such as Content Security Policy or X-XSS-Protection. This vulnerability is fixed in 6.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
Pi-Hole Adminlte 注入漏洞
Vulnerability Description
Pi-Hole Adminlte是一个控制面板。用于统计更多数据。 Pi-Hole Adminlte 6.3之前版本存在注入漏洞,该漏洞源于对.lp扩展名文件的请求重定向时未正确清理输入,可能导致CRLF注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A