This Metasploit module exploits a command execution in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively running a […]
Dolibarr version 11.0.3 suffers from a cross site scripting vulnerability.
Victor CMS version 1.0 suffers from a persistent cross site scripting vulnerability.
Victor CMS version 1.0 suffers from a remote SQL injection vulnerability.
qdPM version 9.1 suffers from a persistent cross site scripting vulnerability.
Submitty version 20.04.01 suffers from a persistent cross site scripting vulnerability.
NukeViet VMS version 4.4.00 suffers from a cross site request forgery vulnerability.
PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.
Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability.
Pi-Hole – heisenbergCompensator Blocklist OS Command Execution (Metasploit)
Tags: 0day, remote exploit