CVE-2021-47763— Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47763
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aimeos SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aimeos是Aimeos开源的一个面向在线商店的开源电子商务框架。 Aimeos 2021.10 LTS版本存在SQL注入漏洞,该漏洞源于json api sort参数存在SQL注入,可能导致攻击者注入恶意数据库查询。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Aimeos | Aimeos Laravel ecommerce platform | Aimeos 2021.10 LTS | - |
II. Public POCs for CVE-2021-47763
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47763
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Aimeos
- CVE-2025-66468
Aimeos GrapesJS CMS extension possible stores XSS exploitabl - CVE-2024-47173
Aimeos GraphQL API admin interface denial of service vulnera - CVE-2024-39319
aimeos/ai-controller-frontend has IDOR vulnerability in acco - CVE-2024-39325
aimeos/ai-controller-frontend doesn't reset payment status i - CVE-2024-39322
aimeos/ai-admin-jsonadm improper access control vulnerabilit
Same weakness: CWE-89
- CVE-2026-8724
Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.t - CVE-2021-47980
Fuel CMS 1.4.13 Blind SQL Injection via col Parameter - CVE-2021-47956
EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname - CVE-2021-47954
LayerBB 1.1.4 SQL Injection via search_query Parameter - CVE-2020-37244
WordPress Plugin Supsystic Membership 1.4.7 SQL Injection vi
V. Comments for CVE-2021-47763
No comments yet