express-cart is vulnerable to privilege escalation attacks. A malicious user can pass a crafted request to the endpoint containing the /admin/setup
string to create a user that will be considered as an admin user.
CPE | Name | Operator | Version |
---|---|---|---|
express-cart | eq | 0.0.1-security | |
express-cart | le | 1.1.5 |