Lucene search

K

GoogleOSV:GHSA-HR89-W7P6-PJMQ

HistoryMay 13, 2022 - 1:49 a.m.

express-cart allows any user to create an admin user

2022-05-1301:49:36

Google

osv.dev

4

express-cart

vulnerability

remote attackers

admin user

software

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.4%

Express-Cart before 1.1.6 allows remote attackers to create an admin user via an /admin/setup Referer header.

References

github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b

hackerone.com/reports/343626

nvd.nist.gov/vuln/detail/CVE-2018-12457

www.npmjs.com/package/express-cart?activeTab=versions

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.4%

Related for OSV:GHSA-HR89-W7P6-PJMQ

nvd1 github1 cve1 prion1 cvelist1 osv1 ibm1