CVE-2022-23513

Published: Dic 23, 2022 Last Modified: Apr 11, 2025
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path:
`/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0768
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
Exploit

AdminLTE PiHole 5.18 - Broken Access Control

AdminLTE PiHole 5.18 - Broken Access Control

Author: kv1to Published:
View Exploit Code →
Application

Adminlte by Pi-Hole

Product Information
Vendor Pi-Hole
Product Adminlte
Version Range Affected
To 5.17 (inclusive)
cpe:2.3:a:pi-hole:adminlte:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/174460/AdminLTE-PiHole…
Exploit
http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Contr…
https://github.com/pi-hole/AdminLTE/releases/tag/v5.18
Release Notes Third Party Advisory
https://github.com/pi-hole/AdminLTE/releases/tag/v5.18
https://github.com/pi-hole/AdminLTE/security/advisories/GHS…
Exploit Third Party Advisory
https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497
http://packetstormsecurity.com/files/174460/AdminLTE-PiHole…
Exploit
http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Contr…
https://github.com/pi-hole/AdminLTE/releases/tag/v5.18
Release Notes Third Party Advisory
https://github.com/pi-hole/AdminLTE/releases/tag/v5.18
https://github.com/pi-hole/AdminLTE/security/advisories/GHS…
Exploit Third Party Advisory
https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497