CVE-2024-53476

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53476
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/AbdullahAlmutawa/CVE-2024-53476
https://github.com/simplcommerce/SimplCommerce
https://github.com/simplcommerce/SimplCommerce/issues/1111
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de condición de ejecución en SimplCommerce en el commit 230310c8d7a0408569b292c5a805c459d47a1d8f permite a los atacantes eludir las restricciones de inventario mediante el envío simultáneo de solicitudes de compra desde varias cuentas para el mismo producto. Esto puede provocar una sobreventa cuando el stock es limitado, ya que el sistema no puede realizar un seguimiento preciso del inventario en condiciones de alta concurrencia, lo que da como resultado posibles pérdidas y pedidos no completados.

28 Dec 2024, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9
CWE CWE-362

27 Dec 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 19:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-53476

Mitre link : CVE-2024-53476

CVE.ORG link : CVE-2024-53476

JSON object : View

Products Affected

No product.

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')