Home > Vulnerability Database > CVE-2022-23513

Mend.io Vulnerability Database

CVE-2022-23513

Date: December 22, 2022

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on "queryads" endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: "/admin/scripts/pi-hole/phpqueryads.php." Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.

Language: PHP

Severity Score

5.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23513

Url: https://github.com/pi-hole/AdminLTE/releases/tag/v5.18

Url: http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html

Url: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497

Url: https://www.mend.io/vulnerability-database/CVE-2022-23513

Severity Score

5.3

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23513

Date: December 22, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?