Nate-Red

**Name of the Vulnerable Software and Affected Versions** Pi-hole Web version 4.3.2 **Description** The issue allows remote code execution by privileged dashboard users via a crafted DHCP static lease. This is due to the failure to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For version 4.3.2, update to a version that includes a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the dashboard and limiting the ability to create or modify DHCP static leases until a patch is available.