cve/2018/CVE-2018-10057.md

### [CVE-2018-10057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10057)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

### POC

#### Reference
- http://www.openwall.com/lists/oss-security/2018/06/03/1
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-10057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10057)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).`

			`### POC`

			`#### Reference`
			`- http://www.openwall.com/lists/oss-security/2018/06/03/1`
			`- https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057`

			`#### Github`
			`No PoCs found on GitHub currently.`