CVE-2021-47763
HIGHAimeos-laravel - SQL Injection
Title source: ruleDescription
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
Exploits (1)
exploitdb
WORKING POC
by Ilker Burak ADIYAMAN · textwebappsphp
https://www.exploit-db.com/exploits/50538
Scores
CVSS v3
8.2
EPSS
0.0002
EPSS Percentile
4.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-89
Status
published
Products (2)
aimeos/aimeos-laravel
Packagist
Aimeos/Aimeos Laravel ecommerce platform
Aimeos 2021.10 LTS
Published
Jan 15, 2026
Tracked Since
Feb 18, 2026