Lucene search

CVE-2022-23513

🗓️ 23 Dec 2022 00:08:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

CVE-2022-23513: Pi-Hole AdminLTE unauthorized query vulnerabilit

Reporter	Title	Published	Views	Family All 9
NVD	CVE-2022-23513	23 Dec 202200:15	–	nvd
Prion	Code injection	23 Dec 202200:15	–	prion
OpenVAS	Pi-hole Web Interface 2.0 <= 5.17 Broken Access Control Vulnerability	1 Dec 202300:00	–	openvas
OSV	CVE-2022-23513	23 Dec 202200:15	–	osv
0day.today	AdminLTE PiHole 5.18 - Broken Access Control Vulnerability	4 Sep 202300:00	–	zdt
Packet Storm	AdminLTE PiHole Broken Access Control	4 Sep 202300:00	–	packetstorm
Cvelist	CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint	22 Dec 202223:17	–	cvelist
RedhatCVE	CVE-2022-23513	13 Feb 202518:03	–	redhatcve
Exploit DB	AdminLTE PiHole 5.18 - Broken Access Control	4 Sep 202300:00	–	exploitdb

Nvd

Vulners

Node

pi-hole adminlteRange≤5.17

[
  {
    "vendor": "pi-hole",
    "product": "AdminLTE",
    "versions": [
      {
        "version": "< 5.17",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/pi-hole/AdminLTE/releases/tag/v5.18
packetstormsecurity	www.packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html
github	www.github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497

Parameter	Position	Path	Description	CWE
domain	query param	/admin/scripts/pi-hole/php/queryads.php	Broken Access Control allows unauthorized query for blocked domains.	CWE-284

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Dec 2022 00:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS35.3

EPSS0.01761

CWE-284