CVE-2024-53476

MEDIUM

SimplCommerce - Info Disclosure

Title source: llm

Description

A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

Exploits (1)

nomisec WRITEUP
by AbdullahAlmutawa · poc
https://github.com/AbdullahAlmutawa/CVE-2024-53476

Scores

CVSS v3 5.9
EPSS 0.0047
EPSS Percentile 64.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-362
Status published
Published Dec 27, 2024
Tracked Since Feb 18, 2026