8 matches found

RedhatCVE
added 2025/05/22 5:25 p.m., 1 view

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

CVSS 9, AI score 7.7, EPSS 0.8959
Exploits 17, References 1
CNVD
added 2020/05/12 12:0 a.m., 6 views

Pi-hole code issue vulnerability

Pi-hole is a web-grade ad-blocking application from Pi-hole. Gravity updater is an auto-updating plugin used in it. A code issue vulnerability exists in gravityDownloadBlocklistFromUrl in Gravity updater in Pi-hole 4.4 and prior versions. An attacker can exploit this vulnerability to write a PHP...

CVSS 9, AI score 7, EPSS 0.8959
Exploits 17, References 1
NVD
added 2020/05/11 3:15 p.m., 15 views

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

CVSS 9, AI score 9.1, EPSS 0.8959
Exploits 17, References 6
OSV
added 2020/05/11 3:15 p.m., 23 views

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

CVSS 8.8, AI score 7.7, EPSS 0.8959
Exploits 17, References 6
Prion
added 2020/05/11 3:15 p.m., 21 views

Design/Logic Flaw

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

CVSS 9, AI score 9, EPSS 0.8959
Exploits 17, References 6, Affected Software 1
CVE
added 2020/05/11 2:42 p.m., 208 views

CVE-2020-11108

CVE-2020-11108 affects Pi-hole 4.4 and earlier, via the Gravity updater’s gravity_DownloadBlocklistFromUrl in gravity.sh. An authenticated attacker can upload arbitrary files, enabling remote code execution by writing a PHP file into the webroot. The issue can be leveraged for privilege escalatio...

CVSS 9, AI score 8.9, EPSS 0.8959
Exploits 17, References 6, Affected Software 1
Cvelist
added 2020/05/11 2:42 p.m., 23 views

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

AI score 9.1, EPSS 0.8959
Exploits 17, References 6
ATTACKERKB
added 2020/05/11 12:0 a.m., 26 views

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...

CVSS 9, AI score 0.1, EPSS 0.8959
Exploits 17, References 7