High severity8.2NVD Advisory· Published Jan 15, 2026· Updated Apr 15, 2026

CVE-2021-47763

Description

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.

Affected products

Packagist/Aimeos Coreinferred
Range: =2021.10
Package: https://packagist.org/packages/aimeos/aimeos-core

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-hm9j-cgmm-2w36ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-47763ghsaADVISORY
aimeos.orgnvdWEB
aimeos.org/laravel-ecommerce-packagenvdWEB
www.exploit-db.com/exploits/50538nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000