CVE-2018-12457

Published June 15th, 2018

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECTS

Description

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.

A fully functioning Node.js shopping cart with Stripe, PayPal and Authorize.net payments.

NPM

A fully functioning Node.js shopping cart with Stripe, PayPal, Authorize.net, PayWay, Blockonomics, Adyen, Zip and Instore payments.

GitHub

2.26K