CVE-2024-53476

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 27, 2024
Updated: Dec 28, 2024
CWE ID 362

Summary

CVE-2024-53476 is a race condition vulnerability affecting SimplCommerce, as identified in commit 230310c8d7a0408569b292c5a805c459d47a1d8f. This issue allows attackers to circumvent inventory restrictions by submitting purchase requests for the same product from multiple accounts concurrently. Under heavy traffic conditions, the system may fail to accurately track inventory levels, resulting in overselling. This vulnerability can lead to financial loss and unfulfilled orders due to the inability to meet customer demand with available stock.
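The summary does not show the affected code, so the following is an added example (not SimplCommerce code and not taken from the referenced commit) of the general check-then-act pattern behind this kind of overselling, next to an atomic conditional decrement that closes the window. The table names, function names, and buyer labels are assumptions, and the concurrent requests are modeled as a fixed interleaving so the outcome is reproducible.

```python
import sqlite3

def make_db(stock):
    """Constructed sample data: one product with `stock` units on hand."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, stock INTEGER)")
    db.execute("CREATE TABLE orders (buyer TEXT, product_id INTEGER, qty INTEGER)")
    db.execute("INSERT INTO product VALUES (1, ?)", (stock,))
    return db

def read_stock(db, pid):
    return db.execute("SELECT stock FROM product WHERE id = ?", (pid,)).fetchone()[0]

def commit_checked_in_app(db, buyer, pid, qty, stock_seen):
    """Check-then-act: decides on a value read earlier, then writes it back."""
    if stock_seen < qty:
        return False
    db.execute("UPDATE product SET stock = ? WHERE id = ?", (stock_seen - qty, pid))
    db.execute("INSERT INTO orders VALUES (?, ?, ?)", (buyer, pid, qty))
    return True

def commit_atomic(db, buyer, pid, qty):
    """Check and decrement in one statement; the row count says who won."""
    cur = db.execute(
        "UPDATE product SET stock = stock - ? WHERE id = ? AND stock >= ?",
        (qty, pid, qty))
    if cur.rowcount != 1:
        return False  # not enough stock left: reject instead of overselling
    db.execute("INSERT INTO orders VALUES (?, ?, ?)", (buyer, pid, qty))
    return True

def units_sold(db):
    return db.execute("SELECT COALESCE(SUM(qty), 0) FROM orders").fetchone()[0]

def race_check_then_act(stock=1):
    """Two accounts both read the stock before either one writes."""
    db = make_db(stock)
    seen_a, seen_b = read_stock(db, 1), read_stock(db, 1)
    results = [commit_checked_in_app(db, "account-a", 1, 1, seen_a),
               commit_checked_in_app(db, "account-b", 1, 1, seen_b)]
    return results, units_sold(db), read_stock(db, 1)

def race_atomic(stock=1):
    """Same two purchases, but the database enforces the stock limit."""
    db = make_db(stock)
    results = [commit_atomic(db, "account-a", 1, 1),
               commit_atomic(db, "account-b", 1, 1)]
    return results, units_sold(db), read_stock(db, 1)

if __name__ == "__main__":
    print(race_check_then_act(), race_atomic())
```

A reconciliation query that compares summed order quantities against the stock that was available is a simple way to detect overselling that has already occurred.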
