What is CVE-2023-2130?

A medium-severity SQL injection vulnerability exists in SourceCodester Purchase Order Management System 1.0. Exploitation can occur remotely, and organizations are advised to implement patches promptly to mitigate risks.

What is the severity of CVE-2023-2130?

CVE-2023-2130 has a severity rating of MEDIUM with a CVSS base score of 6.3.

CVE-2023-2130 | Medium Vulnerability in Purchase Order Management System

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. This vulnerability allows manipulation of the argument id in the file /admin/suppliers/view_details.php. The result is an SQL injection that can be exploited remotely. The exploit has been disclosed to the public and may be utilized by attackers. Organizations should prioritize patching immediately.

The CVSS score of this vulnerability is 6.3, indicating a medium severity level. It poses a risk to organizations as attackers may leverage this SQL injection to gain unauthorized access to sensitive data.

Organizations should address this vulnerability in their priority patch cycle to prevent potential exploitation. The publication date of the vulnerability is April 17, 2023, and it has been classified under CWE-89 (SQL Injection).

The attack vector is network-based with low complexity and low privileges required for exploitation. It has a high impact on confidentiality, integrity, and availability.

Given the nature of SQL injection vulnerabilities, organizations utilizing the affected Purchase Order Management System should conduct a thorough security assessment and implement necessary mitigations.

Vulnerability Details

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.

The CVSS score for this vulnerability is 9.8, which is classified as critical, indicating a high level of risk for organizations.

Technical Analysis

The root cause of this vulnerability stems from improper validation of user input in the GET parameter handler. The attack vector is network-based, allowing remote attackers to exploit the vulnerability without requiring user interaction. The complexity of the attack is low, and attackers with limited privileges can successfully execute the attack.

This vulnerability has implications for confidentiality, integrity, and availability, as sensitive data can be accessed and modified, potentially leading to a complete compromise of the affected system.

Risk & Impact Analysis

Organizations using the SourceCodester Purchase Order Management System are at significant risk due to this vulnerability. The potential for data breaches and unauthorized access to sensitive information creates a substantial threat landscape. The blast radius of exploitation could extend beyond the immediate system, affecting related environments and applications.

With a CVSS score of 9.8, the urgency for organizations to address this vulnerability is critical. Organizations should prioritize patching immediately to mitigate the risks associated with SQL injection vulnerabilities.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of the product is Purchase Order Management System 1.0. Organizations using this version should implement the necessary updates to mitigate the vulnerability.

Mitigation & Remediation

Organizations should apply the latest patches as soon as they are available. If a patch is not available, consider implementing workarounds such as input validation and sanitization to prevent SQL injection. Additionally, configuration hardening should be employed to limit exposure.

For further assistance, organizations can explore our penetration testing services to identify and remediate vulnerabilities.

Detection Guidance

To detect potential exploitation of this vulnerability, monitor logs for unusual SQL queries and unauthorized access attempts. Additionally, implement behavioral analysis to identify anomalies in user interactions with the affected system.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the need for robust input validation mechanisms across all web applications. Security teams must remain vigilant in monitoring for similar patterns of SQL injection vulnerabilities.

For further reading on secure coding practices, organizations may consult our secure coding practices guide to enhance their defenses.

Additionally, organizations should review our insights on vulnerability management programs to foster a proactive security posture.

Lastly, reviewing our penetration testing methodology can provide valuable strategies for identifying and addressing vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-2130: Medium Vulnerability in Purchase Order Management System