FLAT-R5OSU – Vulnerability

SQL injection - Code In aimeos/aimeos-laravel

Description

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
composer	aimeos/aimeos-laravel	=2021.10

Aliases

1. CVE-2021-477632. NVD-2021-477633. OSV-2021-47763

References

1. https://aimeos.org2. https://aimeos.org/laravel-ecommerce-package3. https://www.exploit-db.com/exploits/50538

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.