CVE-2020-8816

HIGH KEV

Pi-hole Web <4.3.2 - RCE

Title source: llm

Description

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Exploits (6)

exploitdb WORKING POC
by Luis Vacacas · pythonwebappspython
https://www.exploit-db.com/exploits/48727
nomisec WORKING POC 11 stars
by cybervaca · remote-auth
https://github.com/cybervaca/CVE-2020-8816
nomisec WORKING POC 10 stars
by AndreyRainchik · remote-auth
https://github.com/AndreyRainchik/CVE-2020-8816
nomisec WORKING POC 6 stars
by team0se7en · remote-auth
https://github.com/team0se7en/CVE-2020-8816
nomisec SUSPICIOUS 1 stars
by martinsohn · poc
https://github.com/martinsohn/CVE-2020-8816
metasploit WORKING POC GOOD
by h00die, François Renaud-Philippon <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pihole_dhcp_mac_exec.rb

References (8)

Scores

CVSS v3 7.2
EPSS 0.9077
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-12-10
VulnCheck KEV 2020-12-14
InTheWild.io 2021-12-10
ENISA EUVD EUVD-2020-29664
CWE
CWE-78
Status published
Products (1)
pi-hole/pi-hole < 4.3.2
Published May 29, 2020
KEV Added Dec 10, 2021
Tracked Since Feb 18, 2026