Browse all 12 CVE security advisories affecting Aimeos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Aimeos serves as an e-commerce framework primarily used for building online retail platforms. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with 12 CVEs documented. Security researchers have identified issues related to improper input validation and access control flaws. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in its components highlights the need for rigorous maintenance and prompt patching. The framework's modular architecture, while flexible, introduces potential attack surfaces that require careful configuration and regular security assessments to mitigate risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39319 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page (ai-controller-frontend, CWE-639) | - | - | 2024-09-26 |
| CVE-2024-39325 | aimeos/ai-controller-frontend doesn't reset payment status in basket (ai-controller-frontend, CWE-841) | 5.3 | Medium | 2024-07-02 |

This page lists every published CVE security advisory associated with Aimeos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.