Headline

CVE-2022-23513: Release v5.18 · pi-hole/AdminLTE

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: /admin/scripts/pi-hole/phpqueryads.php. Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims’ personal blacklists.

1 year ago

CVE

Open in Source

#vulnerability #linux #git #php #auth

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

- For
- Enterprise
- Teams
- Startups
- Education
- By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
- Case Studies
- Customer Stories
- Resources
- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

Pricing

Related news

AdminLTE PiHole Broken Access Control

AdminTLE PiHole versions prior to 5.18 suffer from a broken access control vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #web #google #debian #git #php #auth

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago