Withstars Books-Management-System Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in Withstars Books-Management-System version 1.0. The issue arises in the Article Handler component, specifically within the '/api/article/del' endpoint. This vulnerability allows an attacker to trick an authenticated user into unintentionally deleting an article. The vulnerability can be exploited remotely and requires user interaction from the victim.
Impact
Exploitation of this vulnerability allows for cross-site request forgery, where an authenticated user is manipulated into performing actions they did not intend to, such as deleting an article.
Reproduction
To reproduce this vulnerability, an attacker must create a CSRF proof-of-concept (PoC) that exploits the '/api/article/del' endpoint. This PoC should be hosted on a remote server. The attacker then needs to trick an authenticated user into clicking a link or performing an action that triggers the deletion of an article via the vulnerable API endpoint.
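As an added defensive example (not code from Withstars Books-Management-System), the layered checks a handler for a state-changing endpoint such as '/api/article/del' should apply before acting: refuse GET, require a same-origin Origin/Referer, and require a synchronizer token that a forged cross-site page cannot read. The origin in ALLOWED_ORIGINS, the header names and the server key are assumptions.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

# Hypothetical deployment origin of the application (assumption, not from the advisory).
ALLOWED_ORIGINS = {"https://books.example"}


def issue_csrf_token(session_id: str, server_key: bytes) -> str:
    """Derive a per-session synchronizer token; the front end reads it once after
    login and echoes it back in a custom header on every state-changing call."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(method: str, headers: dict, session_id: str, server_key: bytes):
    """Return (accepted, reason) for a request to a state-changing endpoint such as
    /api/article/del. All three layers must pass: method, origin, token."""
    # 1. A link click or <img> fetch is a GET; a deletion endpoint must never act on it.
    if method.upper() not in ("POST", "DELETE"):
        return False, "state-changing endpoint rejects %s" % method.upper()
    # 2. Browsers attach Origin (or at least Referer) to cross-site requests;
    #    anything not from our own origin is rejected outright.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" not in ALLOWED_ORIGINS:
        return False, "cross-origin request from %s" % parts.netloc
    # 3. The forged page cannot read the token (same-origin policy), so it cannot
    #    supply this header; compare in constant time.
    expected = issue_csrf_token(session_id, server_key)
    token = headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, expected):
        return False, "bad or missing CSRF token"
    return True, "ok"


if __name__ == "__main__":
    key, sid = b"constructed-server-key", "sess-123"  # constructed sample values
    # Forged cross-site request: browser sends the victim's cookie but no token.
    print(csrf_check("POST", {"Origin": "https://attacker.example"}, sid, key))
    # Legitimate request from the application's own front end.
    ok_headers = {"Origin": "https://books.example",
                  "X-CSRF-Token": issue_csrf_token(sid, key)}
    print(csrf_check("POST", ok_headers, sid, key))
```

Because the session cookie is sent automatically by the browser, it alone never proves intent; only the token layer does, and the method and origin checks cut off the cheap GET-based and cross-origin variants first.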
