Aimeos
cpe:2.3:a:aimeos_project:aimeos:*:*:*:*:typo3:*:*
- 2021.10 LTS
A SQL injection vulnerability has been identified in the Aimeos Laravel e-commerce platform, specifically in the 2021.10 LTS version. The issue arises in the JSON API 'sort' parameter, whose value reaches the database query without adequate validation, allowing attackers to inject malicious SQL. By manipulating the sort parameter, it is possible to extract table and column names. Exploitation involves sending crafted GET requests to the 'jsonapi/review' endpoint.
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
To reproduce this vulnerability, send a GET request to the 'jsonapi/review' endpoint with a crafted 'sort' parameter value. The injection can be verified with a payload such as '--', which starts a comment in SQL and therefore changes how the remainder of the query is executed.
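As an added example (not part of this advisory or of the Aimeos code base), the following Python shows the defensive pattern that prevents this class of bug: a JSON:API-style sort parameter is parsed against an allowlist of sortable fields before anything is passed to the query layer, and the same check is run over constructed request-log lines to flag requests whose sort value would have been rejected. The allowed field names, the endpoint path and the log line format are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of sortable review fields (not taken from Aimeos).
ALLOWED_SORT_FIELDS = {"review.id", "review.rating", "review.ctime", "review.mtime"}

# JSON:API sort syntax: comma-separated field names, optional leading '-' for
# descending order. Nothing else (quotes, spaces, '--', ';') is accepted.
_FIELD_RE = re.compile(r"^-?[a-z][a-z0-9_.]*$")

# Endpoint named in the advisory; the leading slash is an assumption.
REVIEW_PATH = "/jsonapi/review"


def parse_sort(value, allowed=ALLOWED_SORT_FIELDS):
    """Turn a sort parameter into (field, direction) pairs.

    Raises ValueError for any token that is malformed or not allowlisted, so
    an unvalidated string can never be concatenated into an ORDER BY clause.
    """
    pairs = []
    for raw in value.split(","):
        raw = raw.strip()
        if not _FIELD_RE.match(raw):
            raise ValueError(f"malformed sort field: {raw!r}")
        direction = "DESC" if raw.startswith("-") else "ASC"
        field = raw.lstrip("-")
        if field not in allowed:
            raise ValueError(f"unknown sort field: {field!r}")
        pairs.append((field, direction))
    return pairs


def is_valid_sort(value):
    """Boolean wrapper around parse_sort for use in request filtering."""
    try:
        parse_sort(value)
        return True
    except ValueError:
        return False


def flag_suspicious_requests(log_lines):
    """Return log lines for the review endpoint whose sort value fails validation.

    Assumes each line starts with 'METHOD TARGET ...' (constructed format).
    """
    flagged = []
    for line in log_lines:
        target = line.split()[1]
        parts = urlsplit(target)
        if parts.path != REVIEW_PATH:
            continue
        for sort_value in parse_qs(parts.query).get("sort", []):
            if not is_valid_sort(sort_value):
                flagged.append(line)
                break
    return flagged


# Constructed sample log lines (not real traffic); the third carries the '--'
# marker mentioned in the advisory and should be flagged.
LOG_LINES = [
    "GET /jsonapi/review?sort=-review.rating HTTP/1.1",
    "GET /jsonapi/review?sort=review.id,-review.ctime HTTP/1.1",
    "GET /jsonapi/review?sort=review.id-- HTTP/1.1",
    "GET /jsonapi/product?sort=product.id HTTP/1.1",
]
```

Running `flag_suspicious_requests(LOG_LINES)` returns only the third line; the product request is ignored because the check is scoped to the review endpoint.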