Pi-hole is affected by a Remote Code Execution vulnerability. An authenticated user of the Web portal can execute arbitrary command with the underlying server with the privileges of the local user executing the service. Exploitation of this vulnerability can be automated.
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
origin - https://www.pipiscrew.com/2020/03/cve-2020-8816-pi-hole-remote-code-execution/ cve-2020-8816-pi-hole-remote-code-execution