CVE-2018-10057
N/A
N/A
Summary
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057
- http://www.openwall.com/lists/oss-security/2018/06/03/1
References
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057
- http://www.openwall.com/lists/oss-security/2018/06/03/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.