flaskBlog Arbitrary File Deletion Vulnerability

Vulnerability

A vulnerability allowing arbitrary file deletion has been identified in flaskBlog version 2.6.1. This issue arises in the '/post/{postTitle}' component, where the application fails to verify the ownership of an article before processing a delete request. As a result, an attacker can delete articles created by other users by sending a crafted POST request.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of articles, potentially leading to loss of content and disruption of user activity on the platform.

Reproduction

To reproduce this vulnerability, send a POST request to the '/post/{postTitle}' endpoint, replacing '{postTitle}' with the title of an article created by another user. The request must include a 'csrf_token' and the 'postDeleteButton' parameter to trigger the deletion.

Remediation

Users are advised to implement proper access controls by verifying that the user attempting to delete an article is the original author. This can be done by checking the user's identity against the article's ownership records before allowing the deletion.
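As an added illustration of this remediation (not flaskBlog's own code), the check in plain Python: a handler modelled on the flaw described above beside a hardened one that compares the requesting user to the article's stored author before deleting. The in-memory store, the session and form values, and the handler names are assumptions; CSRF validation of 'csrf_token' is assumed to happen before the handler runs.

```python
from dataclasses import dataclass

@dataclass
class Post:
    title: str
    author: str  # username of the account that created the post

class PostStore:
    """Constructed in-memory stand-in for the blog's post table (an assumption)."""
    def __init__(self, posts):
        self.posts = {p.title: p for p in posts}

    def get(self, title):
        return self.posts.get(title)

    def delete(self, title):
        del self.posts[title]

def _common_checks(store, session_user, post_title, form):
    # Checks both handlers share: logged in, delete button submitted, post exists.
    # Validation of form["csrf_token"] is assumed to happen before the handler.
    if session_user is None:
        return 401, None
    if "postDeleteButton" not in form:
        return 400, None
    post = store.get(post_title)
    if post is None:
        return 404, None
    return None, post

def handle_delete_vulnerable(store, session_user, post_title, form):
    """Mirrors the flaw described above: any logged-in user can delete any post."""
    status, post = _common_checks(store, session_user, post_title, form)
    if status is not None:
        return status
    store.delete(post.title)  # session_user is never compared to post.author
    return 200

def handle_delete_fixed(store, session_user, post_title, form):
    """Hardened handler: refuse unless the requester is the post's original author."""
    status, post = _common_checks(store, session_user, post_title, form)
    if status is not None:
        return status
    if post.author != session_user:
        return 403  # not the author: leave the post intact
    store.delete(post.title)
    return 200

def sample_store():
    # Constructed sample data: one post each by two users.
    return PostStore([Post("Hello World", "alice"), Post("Second Post", "bob")])
```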

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 6.8
remediation: 6.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.