The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote malicious user to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bfgminer bfgminer 5.5.0 |
||
cgminer project cgminer 4.10.0 |