Expresscart
Monthly
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.