CVE-2018-3758
CVE-2018-3758 affects the express-cart Node.js module (pre-1.1.7). The vulnerability is an unrestricted file upload via the module’s upload functionality. A privileged user can supply an attacker-controlled path and upload arbitrary files (no path/type/size validation), potentially gaining access...