
aimeos — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting aimeos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Aimeos serves as an e-commerce framework primarily used for building online retail platforms. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with 12 CVEs documented. Security researchers have identified issues related to improper input validation and access control flaws. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in its components highlights the need for rigorous maintenance and prompt patching. The framework's modular architecture, while flexible, introduces potential attack surfaces that require careful configuration and regular security assessments to mitigate risks.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-47763 | Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection | Aimeos Laravel ecommerce platform | CWE-89 | 8.2 | High | 2026-01-15 |
| CVE-2025-66468 | Aimeos GrapesJS CMS extension possible stored XSS exploitable by authenticated editors | ai-cms-grapesjs | CWE-79 | 7.7 | High | 2025-12-02 |
| CVE-2024-47173 | Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups | ai-admin-graphql | CWE-270 | 5.5 | Medium | 2024-10-24 |
| CVE-2024-39319 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page | ai-controller-frontend | CWE-639 | -- | AI | 2024-09-26 |
| CVE-2024-39325 | aimeos/ai-controller-frontend doesn't reset payment status in basket | ai-controller-frontend | CWE-841 | 5.3 | Medium | 2024-07-02 |
| CVE-2024-39322 | aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records | ai-admin-jsonadm | CWE-863 | 5.5 | Medium | 2024-07-02 |
| CVE-2024-39324 | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | ai-admin-graphql | CWE-1220 | 3.8 | Low | 2024-07-02 |
| CVE-2024-39323 | aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account | ai-admin-graphql | CWE-1220 | 7.1 | High | 2024-07-02 |
| CVE-2024-38516 | Aimeos HTML client may potentially reveal sensitive information in error log | ai-client-html | CWE-1295 | 8.8 | High | 2024-06-25 |
| CVE-2024-37296 | Aimeos HTML client vulnerable to digital products download without proper payment status check | ai-client-html | CWE-841 | 5.3 | Medium | 2024-06-11 |
| CVE-2024-37295 | Aimeos Core remote code execution in web server context | aimeos-core | CWE-73 | 7.2 | High | 2024-06-11 |
| CVE-2024-37294 | Aimeos denial of service vulnerability in SaaS and marketplace setups | aimeos-core | CWE-270 | 5.5 | Medium | 2024-06-11 |

This page lists every published CVE security advisory associated with aimeos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.