99 matches found
CVE-2021-3706
The CVE-2021-3706 entry affects Pi-hole’s AdminLTE-based web interface. Affected component: the adminlte/persistentlogin cookie is set without the HttpOnly flag, making the cookie accessible to JavaScript and susceptible to theft via XSS. The OpenVAS PoC documents show a login flow where the pers...
PT-2021-21481 · Adminlte · Adminlte
Name of the Vulnerable Software and Affected Versions: adminlte (affected versions not specified). Description: The issue concerns a sensitive cookie without the 'HttpOnly' flag. This means that the cookie is accessible to JavaScript, potentially allowing an attacker to steal sensitive information...
Pi-Hole Adminlte Security Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole Adminlte has a security vulnerability that originates from an improperly designed or implemented code development process for a networked system or product...
Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
✍️ Description Reflected XSS on any POST parameters with a correct token on /admin/settings.php When field is not in the defined list, $debug value is set to true, and the $POST is dumped without filtering 🕵️‍♂️ Proof of Concept 1. Login as admin 2. Settings - Flush log 3. replace field with XSS...
Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
✍️ Description Reflected XSS in POST /admin/scripts/pi-hole/php/customcname.php 🕵️‍♂️ Proof of Concept 1. Login as admin, Go to Local DNS - CNAME Records - Add a new CNAME record 2. Input alert1 in domain field and anything in target domain. 3. The Payload in post body domain is URL encoded, use a...
SIYUCMS suffers from an arbitrary file read vulnerability (CNVD-2021-26009)
SIYUCMS is a content management system based on ThinkPHP + AdminLTE. SIYUCMS suffers from an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
File Upload Vulnerability in SIYUCMS V6.1
SIYUCMS is a content management system based on ThinkPHP + AdminLTE. A file upload vulnerability exists in SIYUCMS V6.1, which can be exploited by an attacker to gain administrative privileges on the web server...
Pi-hole Web Interface < 5.1 Multiple Vulnerabilities
The Pi-hole Web Interface (previously AdminLTE) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Remote code execution
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...
CVE-2020-8816
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...
SIYUCMS 5.1 Arbitrary File Deletion Vulnerability
SIYUCMS is a content management system based on ThinkPHP5 + AdminLTE. An arbitrary file deletion vulnerability exists in SIYUCMS version 5.1, which can be exploited by an attacker to delete arbitrary files...
SIYUCMS 5.1 suffers from a command execution vulnerability (CNVD-2020-31713)
SIYUCMS is a content management system based on ThinkPHP5 + AdminLTE. SIYUCMS 5.1 suffers from a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands and gain administrative privileges on the web server...
Pi-hole Web Interface < 4.3.3 RCE Vulnerability
The Pi-hole Web Interface (previously AdminLTE) is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Exploit for OS Command Injection in Pi-Hole
Pi-Hole /tmp/pocproof.txt"@example.com !Screenshot 1i...
BearAdmin Arbitrary File Download Vulnerability
BearAdmin is a backend management system based on ThinkPHP5 and AdminLTE. A security vulnerability exists in BearAdmin version 0.5. A remote attacker can exploit the vulnerability by sending the 'name' parameter with a directory traversal sequence to the /admin/databack/download.html page to...
Pi-hole Web Interface < 3.3 Multiple Vulnerabilities
The Pi-hole Web Interface (previously AdminLTE) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE...
Pi-Hole 2.8.1 Cross Site Scripting
Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE Version: Pi-Hole v2.8.1 Discovery date: July 20th 2016 Vendor Site: https://pi-hole.net...
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE Version: Pi-Hole v2.8.1 Discovery date: July 20th 2016 Vendor Site: https://pi-hole.net...