QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10057

Published: Jun 5, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057

x_refsource_MISC

[oss-security] 20180603 CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.