Full title: NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability 
Category: web applications
Platform: php
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.

# 0day.today @ http://0day.today/