2020-07-30 13:05:32
mitre
PUBLISHED
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this scripts setdns command.