Spartacvs

**Name of the Vulnerable Software and Affected Versions** Pi-hole through 5.0 **Description** The issue allows code injection in the Static DHCP Leases section by modifying Teleporter backup files and then restoring them, which occurs in settings.php. An attacker can exploit this by requesting a backup of limited files via teleporter.php, modifying the `host` parameter in dnsmasq.d files, and then compressing and uploading these files again. **Recommendations** For Pi-hole through 5.0, as a temporary workaround, consider restricting access to the Teleporter feature and the Static DHCP Leases section until a patch is available. Avoid using the `host` parameter in the dnsmasq.d files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.