{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-53412", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-15T17:27:22.513Z", "dateReserved": "2024-11-20T00:00:00.000Z", "datePublished": "2026-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T14:23:24.048Z"}, "descriptions": [{"lang": "en", "value": "Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/NietThijmen/ShoppingCart/issues/1"}, {"url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "references": [{"url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T17:26:36.669288Z", "id": "CVE-2024-53412", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:27:22.513Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-53412", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-15T17:27:22.513Z", "dateReserved": "2024-11-20T00:00:00.000Z", "datePublished": "2026-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T14:23:24.048Z"}, "descriptions": [{"lang": "en", "value": "Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/NietThijmen/ShoppingCart/issues/1"}, {"url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53412", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T17:26:36.669288Z"}}}], "references": [{"url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:26:18.256Z"}}]}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field"}], "id": "CVE-2024-53412", "lastModified": "2026-04-27T19:18:46.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-15T15:16:39.710", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md"}, {"source": "cve@mitre.org", "url": "https://github.com/NietThijmen/ShoppingCart/issues/1"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.0.2"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "shoppingcart", "vendor": "nietthijmen"}], "analysis": {"en": {"generated_at": "2026-04-16T02:34:06.023254+00:00", "value": {"mitigation_remediation": ["Upgrade ShoppingCart to a patched version if one is available", "Validate and sanitize the Port field to ensure it contains only acceptable numeric values and reject any input that includes shell metacharacters", "Constrain the permissions of the application process so that any executed commands have no ability to alter critical system files or services", "Consider deploying a web application firewall to detect and block suspicious input patterns"], "summary": {"action": "Immediate Mitigation", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects the open\u2011source NietThijmen ShoppingCart, version 0.0.2. No other vendors or product versions are currently listed as affected.", "description_and_impact": "This vulnerability is a command injection flaw located in the connect function of NietThijmen ShoppingCart 0.0.2. An attacker can insert arbitrary shell commands into the Port field, allowing them to execute code on the host that runs the application with the process\u2019s privileges. The impact is the ability to modify, delete or exfiltrate data, establish persistence, or pivot to other systems on the network. The weakness is an input validation failure that permits injected shell commands to be interpreted by the system.", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity. Current exploitation probability is not specified. Attackers are likely to exploit this vulnerability by sending crafted requests that include malicious payloads in the Port field, triggering arbitrary command execution on the hosting server. No specific prerequisites besides access to the application are disclosed, meaning that the flaw could be abused by unauthenticated users if the Port field is exposed to them."}}}}, "created": "2026-04-15T21:02:38.414987+00:00", "title": "Command Injection via Port Field in NietThijmen ShoppingCart Leading to Remote Code Execution", "updated": "2026-04-16T02:45:06.078582+00:00", "vendors": ["nietthijmen", "nietthijmen$PRODUCT$shoppingcart"]}