CVE-2021-47763 HIGH

CVE-2021-47763: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Vendor Aimeos

Product Aimeos Laravel ecommerce platform

Weakness CWE-89 · SQLi

Published January 15, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.

Key dates

Disclosure timeline

January 15, 2026 CVE published

April 7, 2026 Record updated

Identifiers

CVE CVE-2021-47763

CWE CWE-89

CVSS 8.8 / HIGH

Affected versions

Vendor Aimeos

Product Aimeos Laravel ecommerce platform

Affected Aimeos 2021.10 LTS