| Title | Published | Views | Reporter |
|---|---|---|---|
| Exploit for CVE-2024-34361 | 7 Jul 2024 21:22 | – | githubexploit |
| Exploit for CVE-2024-34361 | 7 Jul 2024 21:22 | – | githubexploit |
| CVE-2024-34361 | 5 Jul 2024 22:07 | – | circl |
| CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) | 5 Jul 2024 18:30 | – | cvelist |
| CVE-2024-34361 | 5 Jul 2024 19:15 | – | nvd |
| Pi-hole Core < 5.18.3 SSRF/RCE Vulnerability | 8 Jul 2024 00:00 | – | openvas |
| CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) | 5 Jul 2024 18:30 | – | osv |
| Pi-hole 5.18.3 Remote Code Execution | 22 Dec 2025 00:00 | – | packetstorm |
| CVE-2024-34361 | 9 Jan 2026 08:35 | – | redhatcve |
| CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) | 5 Jul 2024 18:30 | – | vulnrichment |

```json
[
  {
    "vendor": "pi-hole",
    "product": "pi-hole",
    "versions": [
      {
        "version": "< 5.18.3",
        "status": "affected"
      }
    ]
  }
]
```

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| pw | request body | /admin/login.php | Authenticated login endpoint used to obtain session for exploiting Pi-hole admin interface. | CWE-918 |
| token | nested | /admin/groups-adlists.php | Fetches CSRF token and allows adlist manipulation; token required for subsequent exploit payload. | CWE-918 |
| address | nested | /admin/groups-adlists.php | Fetches CSRF token and allows adlist manipulation; token required for subsequent exploit payload. | CWE-918 |
| comment | nested | /admin/groups-adlists.php | Fetches CSRF token and allows adlist manipulation; token required for subsequent exploit payload. | CWE-918 |
| action | request body | /admin/scripts/pi-hole/php/groups.php | Submit crafted adlist entry with a gopher:// payload to reach Redis RCE and plant a web shell. | CWE-918 |
| address | request body | /admin/scripts/pi-hole/php/groups.php | Submit crafted adlist entry with a gopher:// payload to reach Redis RCE and plant a web shell. | CWE-918 |
| comment | request body | /admin/scripts/pi-hole/php/groups.php | Submit crafted adlist entry with a gopher:// payload to reach Redis RCE and plant a web shell. | CWE-918 |
| token | request body | /admin/scripts/pi-hole/php/groups.php | Submit crafted adlist entry with a gopher:// payload to reach Redis RCE and plant a web shell. | CWE-918 |
| cmd | path | /admin/shell.php | Web shell endpoint used to execute arbitrary commands after successful exploit. | CWE-918 |