Vulnerability identifier: #VU49027

Vulnerability risk: Medium

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-8816

CWE-ID: CWE-77

Exploitation vector: Network

Exploits in database: 4

• February 18, 2022
  • CVE-2020-8816 (A PoC for CVE-2020-8816 that does not use $PATH but $PWD and globbing) [Github]
• September 2, 2021
  • CVE-2020-8816 (Pi-hole Remote Code Execution authenticated Version >= 4.3.2) [Github]
• June 17, 2021
  • Pi-hole 4.3.2 - Remote Code Execution (Authenticated) [Exploit-DB]
• December 16, 2020
  • Pi-Hole DHCP MAC OS Command Execution [Metasploit]

Impact: Code execution

Vulnerable software:
Pi-hole
Web applications / Modules and components for CMS

Vendor: Pi-hole