CVE-2024-0411 Overview
CVE-2024-0411 is an improper access control vulnerability [CWE-284] affecting DeShang DSMall versions up to and including 6.1.0. The flaw resides in the public/install.php file, which is reachable by an unauthenticated remote attacker through the HTTP GET request handler. Manipulation of this endpoint bypasses access restrictions on installation functionality. The issue has been publicly disclosed and tracked as VulDB identifier VDB-250431. Remote attackers can trigger the vulnerability without authentication or user interaction across the network.
Critical Impact
Unauthenticated attackers can reach the installation script over the network and abuse access control weaknesses to compromise the confidentiality of the DSMall e-commerce application.
Affected Products
- DeShang DSMall versions up to 6.1.0
- Component: public/install.php HTTP GET Request Handler
- Vendor: csdeshang
Discovery Timeline
- 2024-01-11 - CVE-2024-0411 published to the National Vulnerability Database
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-0411
Vulnerability Analysis
DSMall is an open-source PHP-based multi-vendor e-commerce platform maintained by csdeshang. The vulnerability resides in public/install.php, the installer script bundled with the application. Installer scripts typically configure database credentials, administrative accounts, and application secrets during initial deployment.
The endpoint fails to enforce access controls that would restrict its use after initial deployment or to privileged users. An unauthenticated remote attacker can issue an HTTP GET request to public/install.php and interact with installation logic that should be inaccessible in production environments. The exploit has been publicly disclosed, increasing the likelihood of opportunistic scanning.
Root Cause
The root cause is missing or insufficient authorization checks on the installation endpoint, categorized under [CWE-284] Improper Access Control. The application does not verify whether the installer has already completed or whether the caller is authorized to invoke installation routines. This design flaw exposes sensitive setup functionality to any network-adjacent client that can reach the web root.
Attack Vector
Exploitation requires only network access to the DSMall web server. An attacker sends a crafted HTTP GET request to /public/install.php and interacts with the exposed installer. No credentials, prior access, or user interaction are required. See the Zhaoj technical write-up and VulDB entry #250431 for additional technical detail on the request pattern.
Detection Methods for CVE-2024-0411
Indicators of Compromise
- Unexpected HTTP GET requests to /public/install.php in web server access logs after initial deployment.
- Modifications to DSMall configuration files, database connection settings, or administrative account records without a corresponding change window.
- Requests to install.php originating from external IP addresses or from clients that do not belong to the deployment pipeline.
Detection Strategies
- Search web server access logs (Nginx, Apache) for any request matching the path install.php and correlate with source IP reputation.
- Deploy a web application firewall (WAF) rule that blocks or alerts on GET requests to installation scripts in production environments.
- Compare file hashes of DSMall installation artifacts against a known-good baseline to identify tampering.
Monitoring Recommendations
- Forward web server logs to a centralized logging platform and alert on any access to installer paths post-deployment.
- Monitor database schema changes and administrative user creation events for anomalous activity.
- Track outbound connections from the DSMall host that could indicate follow-on compromise after installer abuse.
How to Mitigate CVE-2024-0411
Immediate Actions Required
- Remove or rename public/install.php on all production DSMall deployments running version 6.1.0 or earlier.
- Restrict access to the installer at the web server or network layer to trusted administrative IP ranges only.
- Audit web server access logs for prior requests to install.php and investigate any hits.
Patch Information
At the time of publication no vendor advisory or fixed release was linked in the NVD entry. Consult the csdeshang DSMall project for updated releases beyond version 6.1.0 and apply any subsequent security releases. Review the VulDB CTI entry #250431 for remediation updates.
Workarounds
- Delete public/install.php from the web root once the initial installation is complete.
- Configure the web server to return HTTP 403 for any request path matching install.php.
- Place the DSMall application behind an authenticating reverse proxy or VPN during setup and lock down installer routes afterward.
# Nginx configuration snippet to block access to the installer
location ~* /public/install\.php$ {
deny all;
return 403;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

