Vulnerabilities > Expresscart Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-15 | CVE-2018-12457 | Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | 8.8 |