Skip to main content

Pi Hole CVE-2019-13051

HIGH
OS Command Injection (CWE-78)
2019-10-09 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 09, 2019 - 12:15 nvd
HIGH 8.8

DescriptionNVD

Pi-Hole 4.3 allows Command Injection.

AnalysisAI

Pi-Hole 4.3 allows Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Affected products include: Pi-Hole.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2025-34087 HIGH POC
8.8 Jul 03

Pi-hole versions up to 3.3 contain an authenticated command injection via the domain allowlist functionality. When addin

CVE-2020-11108 HIGH POC
8.8 May 11

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. Rated high sever

CVE-2021-29449 MEDIUM POC
6.3 Apr 14

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated medium severity (CVSS 6.

CVE-2020-8816 HIGH POC
7.2 May 29

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l

CVE-2024-34361 HIGH POC
8.8 Jul 05

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Rated

CVE-2021-32706 HIGH POC
8.8 Aug 04

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Rate

CVE-2021-29448 HIGH POC
8.8 Apr 15

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8)

CVE-2020-14162 HIGH POC
7.8 Jul 30

An issue was discovered in Pi-Hole through 5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complex

CVE-2020-12620 HIGH POC
7.8 Jul 30

Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection

CVE-2024-44069 HIGH POC
7.5 Aug 19

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dash

CVE-2024-28247 MEDIUM POC
6.5 Mar 27

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side softwa

CVE-2026-41489 HIGH
8.8 May 11

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From

Share

CVE-2019-13051 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy