Vulnerabilities > Expresscart Project > Expresscart > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-15 CVE-2018-12457 Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
network
low complexity
expresscart-project CWE-732
6.5