Pi-Hole Remove Commands Linux Privilege Escalation Exploit

Anon666Exp3rt 868 2nd Sep, 2021

Loading Please wait...

CVECVE-2021-29449 | remote exploits | multiple | Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

To share this paste please copy this url and send to your friends
RAW Paste Data
Recent Pastes