CVE-2023-2130 PoC — Purchase Order Management System SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-2130.yaml

Associated Vulnerability

Title:Purchase Order Management System SQL注入漏洞 (CVE-2023-2130)
Description:Purchase Order Management System是Carlo Montero个人开发者的一个采购订单管理系统。 SourceCodester Purchase Order Management System 1.0版本存在SQL注入漏洞，该漏洞源于对参数id的错误操作导致sql注入。

Description

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.

File Snapshot


 id: CVE-2023-2130

info:
  name: Purchase Order Management v1.0 - SQL Injection
  author: theamanraw

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!