Mark Moffat

1 exploit Active since Jun 2018
CVE-2018-12457 WRITEUP HIGH WRITEUP
expresscart < 1.1.6 - Unauthenticated Admin User Creation via Referer Header
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
CVSS 8.8