1.1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-15	CVE-2018-12457	Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. network low complexity expresscart-project CWE-732	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.