CVE-2018-12457
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
8.8CVSS
8.5AI Score
0.004EPSS