Pi-hole Attack Surface
A network-wide ad-blocking tool with the capability to execute arbitrary commands. Executive Summary Path Traversal to RCE via teleporter.php and zip_file Parameter: The teleporter.php script in Pi-hole and zip_file parameter, which handles the import and export of settings, contains a vulnerability in its file upload functionality. The application does not adequately validate the contents and …