Schneidersec

**Name of the Vulnerable Software and Affected Versions** Pi-hole versions prior to 5.5.1 **Description** The issue lies in the `validDomainWildcard` preg match filter, which allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. This is due to one of the periods not being escaped, allowing any character to be used in its place. **Recommendations** For versions prior to 5.5.1, update to version 5.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the `validDomainWildcard` preg match filter until the patch is applied.