CVE-2024-53476 PoC — SimplCommerce 安全漏洞

Source

https://github.com/AbdullahAlmutawa/CVE-2024-53476

Associated Vulnerability

Title:SimplCommerce 安全漏洞 (CVE-2024-53476)
Description:A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

Description

SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.

Readme

# CVE-2024-53476
SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.

# Detection Method
An attacker can detect this vulnerability by attempting to purchase a product at almost the same time with limited stock (stock = 1) using two accounts. If both accounts successfully purchase the product, it confirms the presence of a race condition. This can be done using custom scripts or Burp Suite turbo intruder to send concurrent checkout requests.

# Tested on
230310c8d7a0408569b292c5a805c459d47a1d8f commit

#Links
https://www.simplcommerce.com/

https://github.com/simplcommerce/SimplCommerce

# Disclosure Timeline

# Credits
Abdullah Almutawa

File Snapshot


 [4.0K]  /data/pocs/314fdc6c27528bf1f0b16393d84490922141a438
└── [ 780]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!