What is CVE-2020-11108?

CVE-2020-11108 is a vulnerability in N/a. Published 2020-05-11.

Is CVE-2020-11108 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11108

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with t…

EPSS: 0.896 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

frichetten.com/blog/cve-2020-11108-pihole-rce/ (x_refsource_MISC)
github.com/Frichetten/CVE-2020-11108-PoC (x_refsource_MISC)
packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.html (x_refsource_MISC)
packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privileg… (x_refsource_MISC)
packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS… (x_refsource_MISC)
packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-11108?: CVE-2020-11108 is a vulnerability in N/a. Published 2020-05-11.
Is CVE-2020-11108 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.