High severity8.8NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026
CVE-2018-3758
CVE-2018-3758
Description
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
express-cartnpm | < 1.1.7 | 1.1.7 |
Affected products
2- HackerOne/express-cartv5Range: 1.1.7
Patches
Vulnerability mechanics
References
4- hackerone.com/reports/343726nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-4w62-cq5r-5mmqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3758ghsaADVISORY
- github.com/mrvautin/expressCart/commit/65b18cfe426fa217aa6ada1d4162891883137893ghsaWEB
News mentions
0No linked articles in our index yet.