CodeAstro Online Movie Ticket Booking System Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in CodeAstro Online Movie Ticket Booking System version 1.0. This vulnerability allows an attacker to trick an authenticated user into submitting crafted POST data, which can result in unauthorized actions such as searching records without the user's knowledge.

Impact

Exploitation of this vulnerability allows for cross-site request forgery, where an attacker can perform actions on behalf of an authenticated user without their consent.

Reproduction

To reproduce this vulnerability, an attacker must create a malicious link or form that, when clicked or submitted by an authenticated user, sends a request to the application that performs an action on behalf of the user. This can be done by exploiting the application's lack of proper CSRF protection on sensitive actions.
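On the defensive side, the missing protection described above is a server-side check applied to every state-changing request. The following is an added example, not code from this advisory or from the CodeAstro application: a framework-agnostic Python check that combines a session-bound token with an Origin/Referer comparison. The names `SERVER_KEY`, `ALLOWED_ORIGIN`, `csrf_token` and all function names are assumptions, and the host is a placeholder.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: per-deployment secret; a real app loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: the origin the application is served from (placeholder host).
ALLOWED_ORIGIN = "https://tickets.example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> bytes:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_token(session_id: str) -> str:
    """Token for a hidden form field: random nonce plus HMAC over session id."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"


def token_is_valid(session_id: str, token: str) -> bool:
    nonce, sep, digest = (token or "").partition(".")
    if not sep or not nonce or not digest:
        return False
    # Constant-time comparison; a token minted for another session fails here.
    return hmac.compare_digest(_mac(session_id, nonce), digest.encode())


def same_origin(headers: dict) -> bool:
    """Compare Origin (or Referer as fallback) with the expected origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header is present
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def check_request(method: str, headers: dict, session_id: str, form: dict):
    """Return (allowed, reason) for one incoming request."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    if not same_origin(headers):
        return False, "origin mismatch"
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return False, "bad or missing token"
    return True, "ok"
```

Setting the session cookie with `SameSite=Lax` or `SameSite=Strict` complements this check but does not replace it.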

Added: Jul 7, 2025, 3:17 PM
Updated: Jul 7, 2025, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.