Cyber Posture

CVE-2024-53412

Severity: High

Published: 15 April 2026
Modified: 27 April 2026
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (39.1st percentile)
Risk Priority: 17 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-53412 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). By exploit likelihood (EPSS) the CVE ranks at the 39.1st percentile, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and one other technique (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 requires validation of inputs like the Port field to reject malicious command injection payloads, directly preventing exploitation in the connect function.

Prevent: SI-2 mandates identification, reporting, testing, and installation of patches to remediate the command injection flaw in ShoppingCart 0.0.2.

Detect: SI-4 enables monitoring for indicators of successful command injection, such as anomalous shell executions triggered by Port field payloads.

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Command injection in the Port field enables arbitrary shell command execution (T1059.004) and, given the local attack vector, code execution that can be leveraged for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field.

Deeper analysis

CVE-2024-53412 is a command injection vulnerability in the connect function of NietThijmen ShoppingCart version 0.0.2. The flaw allows attackers to inject malicious payloads into the Port field, enabling the execution of arbitrary shell commands and achieving remote code execution. It carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-77 (Command Injection). The vulnerability was published on 2026-04-15.

A local attacker with no privileges required can exploit this issue with low attack complexity and no user interaction. By crafting payloads for the Port field, the attacker can execute arbitrary shell commands, leading to remote code execution with high impacts on confidentiality, integrity, and availability.

Advisories and further details are documented in GitHub repositories, including https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md and https://github.com/NietThijmen/ShoppingCart/issues/1.

Details

CWE(s): CWE-77 (Command Injection)
CVEs Like This One

CVE-2025-33180 (shared CWE-77)
CVE-2025-33181 (shared CWE-77)
CVE-2026-3517 (shared CWE-77)
CVE-2025-22472 (shared CWE-77)
CVE-2025-26331 (shared CWE-77)
CVE-2025-22473 (shared CWE-77)
CVE-2026-30898 (shared CWE-77)
CVE-2026-20186 (shared CWE-77)
CVE-2026-3519 (shared CWE-77)
CVE-2025-64424 (shared CWE-77)