Withstars Books Management System Background Interface Missing Authorization Vulnerability

Vulnerability

A critical unauthorized access vulnerability has been identified in Withstars Books Management System version 1.0. This issue arises from a lack of proper authorization checks in the background interface, specifically within the article management component. As a result, unauthorized users can access sensitive functions and information remotely, potentially leading to data breaches or unauthorized modifications.

Impact

Exploitation of this vulnerability allows unauthorized users to access the background interface and article management functions, which could result in unauthorized operations or access to sensitive information.

Reproduction

To reproduce this vulnerability, access the '/admin/article/list' endpoint without logging in. The absence of authorization checks will allow access to the article management interface. This can be done by sending a GET request to the endpoint, omitting any authentication cookies.
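The missing control described above, shown as an added example (not code from the Withstars project or from this advisory): a deny-by-default check that rejects requests under '/admin/' unless the session carries an admin role. It is written as framework-neutral Python WSGI middleware; the cookie name SESSIONID, the session store, the role names and the stand-in application are assumptions made for illustration.

```python
import posixpath
from http.cookies import SimpleCookie

PROTECTED_PREFIX = "/admin/"  # covers /admin/article/list from the advisory
# Constructed session store; cookie name SESSIONID and the roles are assumptions.
SESSIONS = {"constructed-admin": {"role": "admin"},
            "constructed-reader": {"role": "reader"}}

def is_protected(path):
    """Canonicalize first so '//admin', '/x/../admin' or '/ADMIN' still match the prefix."""
    canonical = posixpath.normpath("/" + path.lstrip("/")).lower() + "/"
    return canonical.startswith(PROTECTED_PREFIX)

def session_from(environ):
    """Return the server-side session for the request cookie, or None."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("SESSIONID")
    return SESSIONS.get(morsel.value) if morsel else None

def require_admin(app):
    """WSGI middleware: reject protected paths unless the session has the admin role."""
    def guarded(environ, start_response):
        if is_protected(environ.get("PATH_INFO", "")):
            session = session_from(environ)
            if session is None or session.get("role") != "admin":
                status = "401 Unauthorized" if session is None else "403 Forbidden"
                start_response(status, [("Content-Type", "text/plain")])
                return [status.encode()]
        return app(environ, start_response)
    return guarded

def article_app(environ, start_response):
    """Stand-in for an application that serves the page with no check of its own."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"article list"]

def status_for(path, cookie=None, app=None):
    """Send one constructed GET through the app and return the numeric status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = []
    (app or require_admin(article_app))(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

if __name__ == "__main__":
    print("unguarded:", status_for("/admin/article/list", app=article_app))
    print("guarded:  ", status_for("/admin/article/list"))
```

The same status_for check, pointed at a deployed fix, works as a regression test: a request without a session must never receive the article list.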

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.