SourceCodester Product Expiry Management System Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the SourceCodester Product Expiry Management System, specifically in version 1.0 of the Web-based Pharmacy Product Management System. The issue resides in the User Management module, particularly within the delete-user.php file. This vulnerability allows remote attackers to delete arbitrary user accounts by sending forged cross-origin GET requests. The endpoint in question relies solely on session cookies for authentication and lacks adequate CSRF protection, making it susceptible to exploitation.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of user accounts, including those of administrators, disrupting the integrity and availability of user management within the application.
Reproduction
To reproduce this vulnerability, log in as an administrator and navigate to the user management section. Create a malicious HTML page that sends GET requests to the delete-user.php endpoint, targeting multiple user IDs, including those of admin accounts. Once the page is opened in a browser with an active admin session, the targeted user accounts will be deleted automatically.
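The root cause described above is a state-changing endpoint that accepts GET and trusts the session cookie alone. The handler below is an added example written for this advisory, not code from SourceCodester or the Product Expiry Management System; it shows the shape a hardened delete-user.php would take. The `users` table, the `$_SESSION['admin_id']` key, the `users.php` redirect target and the `db()` connection helper with its DSN are assumptions, since the real file's schema and session layout are not on this page.

```php
<?php
// Hardened delete-user.php (added illustration; not the vendor's code).
// Assumptions: the admin's id is kept in $_SESSION['admin_id'], users live in
// a table named `users` with an integer `id`, and db() returns a PDO handle.
declare(strict_types=1);

// Session cookie scoped to this site: SameSite=Lax stops cross-site POSTs from
// carrying the cookie, but top-level GET navigations still send it, which is
// why the GET rejection below is still required.
session_set_cookie_params([
    'path'     => '/',
    'httponly' => true,
    'secure'   => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
    'samesite' => 'Lax',
]);
session_start();

// Placeholder connection; replace DSN and credentials with the deployment's own.
function db(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('mysql:host=127.0.0.1;dbname=PLACEHOLDER_DB', 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS', [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    }
    return $pdo;
}

// One anti-CSRF token per session, generated from a CSPRNG. The page that
// renders the delete form must embed it:
//   <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 1. Only an authenticated administrator may reach this handler.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Not authorised');
}

// 2. Deletion is state-changing: refuse GET so an <img>/<a> from another origin
//    cannot trigger it simply by being loaded in an admin's browser.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// 3. The submitted token must match the session's token, compared in constant time.
$submitted = $_POST['csrf_token'] ?? '';
if (!is_string($submitted) || !hash_equals(csrf_token(), $submitted)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 4. Defence in depth: when the browser sends an Origin header it must be ours.
$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
if ($origin !== null) {
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    if ($origin !== $scheme . '://' . $_SERVER['HTTP_HOST']) {
        http_response_code(403);
        exit('Cross-origin request refused');
    }
}

// 5. Validate the id and never let an admin delete the account they are using.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad user id');
}
if ($id === (int) $_SESSION['admin_id']) {
    http_response_code(400);
    exit('Cannot delete the current account');
}

$stmt = db()->prepare('DELETE FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);

header('Location: users.php');
exit;
```

Each check covers a different gap: the POST requirement removes the forged-link vector the advisory describes, the token ties every deletion to a form the application itself rendered, and the SameSite attribute and Origin comparison are independent layers that hold even if a token leaks. A review of the original module should also confirm that every other state-changing action (add, edit, role change) applies the same token check rather than only delete-user.php.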
