Expresscart Project Expresscart — known CVE vulnerabilities
Every CVE whose affected-product data names Expresscart Project Expresscart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2018-12457 — CVSS 8.8 (high): expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.