cbcvebase.
CVE-2024-34361
published 2024-07-05

CVE-2024-34361: Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3…

PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.83%
84.8th percentile
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.

Affected

1 ranges
VendorProductVersion rangeFixed in
pi-holepi-hole< 5.18.35.18.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.