CVE-2021-47763

HIGH

Aimeos 2021.10 LTS - SQL Injection via JSON API Sort Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47763. PoCs published by Ilker Burak ADIYAMAN.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in Aimeos Laravel ecommerce platform 2021.10 LTS via the 'sort' parameter in the JSON API. The payload 'sort=--' is used to trigger an error-based SQL injection, confirming the vulnerability.

Description

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the JSON API 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.

Exploits (1)

exploitdb WORKING POC
by Ilker Burak ADIYAMAN · text · webapps · php
https://www.exploit-db.com/exploits/50538

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Aimeos Laravel ecommerce platform 2021.10 LTS
No auth needed
Prerequisites: Access to the JSON API endpoint
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50538
Various Sources product
https://aimeos.org

Scores

CVSS v3 8.2
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Aimeos/Aimeos Laravel ecommerce platform Aimeos 2021.10 LTS
aimeos/aimeos-laravel Packagist
Published Jan 15, 2026
Tracked Since Feb 18, 2026