fkie_cve-2024-53476
Vulnerability from fkie_nvd
Published
2024-12-27 19:15
Modified
2024-12-28 19:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.
References
cve@mitre.orghttps://github.com/AbdullahAlmutawa/CVE-2024-53476
cve@mitre.orghttps://github.com/simplcommerce/SimplCommerce
cve@mitre.orghttps://github.com/simplcommerce/SimplCommerce/issues/1111
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en SimplCommerce en el commit 230310c8d7a0408569b292c5a805c459d47a1d8f permite a los atacantes eludir las restricciones de inventario mediante el env\u00edo simult\u00e1neo de solicitudes de compra desde varias cuentas para el mismo producto. Esto puede provocar una sobreventa cuando el stock es limitado, ya que el sistema no puede realizar un seguimiento preciso del inventario en condiciones de alta concurrencia, lo que da como resultado posibles p\u00e9rdidas y pedidos no completados."
    }
  ],
  "id": "CVE-2024-53476",
  "lastModified": "2024-12-28T19:15:06.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-27T19:15:09.103",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/AbdullahAlmutawa/CVE-2024-53476"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/simplcommerce/SimplCommerce"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/simplcommerce/SimplCommerce/issues/1111"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.