CVE-2020-14162

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt