PT-2020-6849 · Unknown · Pi-Hole Web
Nate-Red · Published 2020-03-28 · Updated 2025-11-10
CVE-2020-8816
CVSS v3.1: 9.1 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
Pi-hole Web version 4.3.2
Description
The issue allows remote code execution by privileged dashboard users via a crafted DHCP static lease. The cause is a failure to neutralize special elements used in an operating system command (OS command injection). Exploitation of this issue may allow a remote attacker to execute arbitrary code.
Recommendations
For version 4.3.2, update to a version that includes a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the dashboard and limiting the ability to create or modify DHCP static leases until a patch is available.
Exploit
Fix
RCE
OS Command Injection
Affected Products
Pi-Hole Web