CVE-2018-3758

Summary

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

Affected Software

VendorProductVersion RangeStatus
HackerOneexpress-cart1.1.7affected

Weaknesses

  • CWE-22: Path Traversal (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References