Withstars Books-Management-System Missing Authorization Vulnerability in Background Interface
Vulnerability
A critical unauthorized access vulnerability has been identified in Withstars Books-Management-System version 1.0. The issue resides in the Background Interface, specifically within the file '/allreaders.html'. This vulnerability allows remote access to the background functions without proper authorization, potentially leading to exposure of sensitive information or unauthorized operations. The lack of authorization checks enables unauthorized users to access reader management features, such as the 'All Readers' section, which could result in data breaches or manipulation.
Impact
Exploitation of this vulnerability allows for unauthorized access to the background interface, bypassing authentication requirements. This could lead to unauthorized operations or exposure of sensitive information.
Reproduction
To reproduce this vulnerability, access the '/allreaders.html' file in the Background Interface. The absence of authorization checks allows unauthorized users to view and manage reader information. Deleting any existing cookies first removes authentication tokens, if applicable, so that the request is sent without a session.
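One way to add the missing check, shown as an added example and not the project's own code: a deny-by-default servlet filter in front of the background interface. It assumes the application runs in a Java servlet container (javax.servlet API) and that login stores the administrator in the session; the class name, the `admin` attribute and the `/login.html` path are hypothetical.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Deny-by-default gate for background pages (hypothetical class name). */
public class BackgroundAuthFilter implements Filter {

    // Assumption: the only path that may be served without a session.
    private static final Set<String> PUBLIC_PATHS = Set.of("/login.html");

    // Assumption: the login handler stores the authenticated admin under this key.
    private static final String ADMIN_ATTR = "admin";

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Path relative to the application, e.g. "/allreaders.html".
        // Exact match only: any encoded or suffixed variant falls through to the check.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (PUBLIC_PATHS.contains(path)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        boolean isAdmin = session != null && session.getAttribute(ADMIN_ATTR) != null;
        if (!isAdmin) {
            // Reject before any controller or view for the page runs.
            response.setHeader("Cache-Control", "no-store");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Mapping the filter to `/*` means pages added later are protected unless explicitly listed as public; static assets needed by the login page would have to be added to the public set.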
