High severity · 8.8 · NVD Advisory · Published Jun 15, 2018 · Updated Jun 17, 2026
CVE-2018-12457
Description
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| express-cart (npm) | < 1.1.6 | 1.1.6 |
References
- github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b (nvd; Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-hr89-w7p6-pjmq (ghsa; ADVISORY)
- hackerone.com/reports/343626 (nvd; Issue Tracking, Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2018-12457 (ghsa; ADVISORY)
- www.npmjs.com/package/express-cart (nvd; Third Party Advisory; WEB)
- github.com/nodejs/security-wg/blob/main/vuln/npm/469.json (ghsa; WEB)
- snyk.io/vuln/npm:express-cart:20180712 (ghsa; WEB)
- www.npmjs.com/advisories/730 (ghsa; WEB)