CVE-2021-47763: Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

January 15, 2026

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api ‘sort’ parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.

References

aimeos.org/
aimeos.org/laravel-ecommerce-package
github.com/advisories/GHSA-hm9j-cgmm-2w36
github.com/aimeos/aimeos-laravel
nvd.nist.gov/vuln/detail/CVE-2021-47763
www.exploit-db.com/exploits/50538

Code Behaviors & Features

Detect and mitigate CVE-2021-47763 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →