CVE-2024-53476

Published Dec 27, 2024

Last updated 2 months ago

Overview

Description
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.9
Impact score
3.6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-362

Social media

Hype score
Not currently trending
  1. eWPTXv2 latest CVEs: CVE-2024-50944: Integer overflow in shopping cart functionality leads to price manipulation. CVE-2024-53476: bypassing inventory controls. CVE-2024-50945: Lack of purchase verification for product reviews. All of these seem like good cases for Web Hacking 🧛

    @byt3n33dl3

    5 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Praise be to God, I obtained 3x CVEs and the eWPTX certification. CVE-2024-50944: Integer overflow in shopping cart functionality leads to price manipulation CVE-2024-53476: Race condition allowing bypass of inventory controls CVE-2024-50945: Lack of purchase verification for product reviews https://t

    @_D3CAFF

    3 Jan 2025

    1601 Impressions

    3 Retweets

    26 Likes

    8 Bookmarks

    5 Replies

    0 Quotes

  3. Praise be to God, I obtained 3x CVEs and the eWPTX certification. CVE-2024-50944: Integer overflow in shopping cart functionality leads to price manipulation. CVE-2024-53476: Race condition allowing bypass of inventory controls. CVE-2024-50945: Lack of purchase verification for product reviews. https:

    @_D3CAFF

    3 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Praise be to God, I obtained 3x CVEs and the Web Application Penetration Tester eXtreme (eWPTX) certification. CVE-2024-50944: Integer overflow in shopping cart functionality leads to price manipulation. CVE-2024-53476: Race condition allowing bypass of inventory controls. CVE-2024-50945: Lack of… http

    @_D3CAFF

    3 Jan 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-53476 A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously… https://t.co/NlpfEGns3T

    @CVEnew

    28 Dec 2024

    490 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes