Main Vulnerability Database Exploits ID:9672 - Exploit for External Control of File Name or Path in Pi-hole - CVE-2024-28247

ID:9672 - Exploit for External Control of File Name or Path in Pi-hole - CVE-2024-28247

Published: April 5, 2024

Vulnerability identifier: #VU87908

Vulnerability risk: Medium

CVE-ID: CVE-2024-28247

CWE-ID: CWE-73

Exploitation vector: Remote access

Vulnerable software:
Pi-hole

Link to public exploit:

https://github.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read

Vulnerability description

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to application allows an attacker to control path of the files to read when accessing them via the "file://" handler. A remote attacker can send a specially crafted request and read arbitrary files on the system with root privileges.

Remediation

Install updates from vendor's website.

ID:9672 - Exploit for External Control of File Name or Path in Pi-hole - CVE-2024-28247

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human