CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.html - () http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.html -
References () http://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.html -
References () https://frichetten.com/blog/cve-2020-11108-pihole-rce/ - Exploit, Third Party Advisory () https://frichetten.com/blog/cve-2020-11108-pihole-rce/ - Exploit, Third Party Advisory
References () https://github.com/Frichetten/CVE-2020-11108-PoC - Exploit, Third Party Advisory () https://github.com/Frichetten/CVE-2020-11108-PoC - Exploit, Third Party Advisory

Information

Published : 2020-05-11 15:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-11108

Mitre link : CVE-2020-11108

CVE.ORG link : CVE-2020-11108


JSON object : View

Products Affected

pi-hole

  • pi-hole
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type