zhanghuanhao LibrarySystem Improper Access Control Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to the management backend has been identified in zhanghuanhao LibrarySystem versions through 1.1.1. This issue resides in the BookController.java file and stems from a lack of proper access controls, enabling remote exploitation. Attackers can access the backend without logging in and perform create, read, update, and delete operations. The vulnerability has been publicly disclosed, and the project maintainers have not yet responded to reports about this issue.

Impact

Exploitation of this vulnerability allows unauthorized users to access the administrative backend and perform CRUD operations on the system.

Reproduction

To reproduce this vulnerability, request the /admin_books.html page without logging in. No authentication check is applied, so the request reaches the management system directly, where CRUD operations can be performed.
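A deny-by-default guard for the admin area, added here as an illustration of the missing control and not taken from LibrarySystem's code. It assumes the project is a Spring MVC application using the jakarta.servlet API (older Spring versions use javax.servlet); the session attribute name "adminUser", the login page path and the "/admin/**" pattern for the CRUD handlers are assumptions, since the advisory names only /admin_books.html and BookController.java.

```java
// Added example, not LibrarySystem's own code. Assumes Spring MVC with the
// jakarta.servlet API; "adminUser", "/login.html" and "/admin/**" are assumed names.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/** Rejects every request into the admin area unless the session holds a logged-in admin. */
public class AdminAuthInterceptor implements HandlerInterceptor {

    // Hypothetical session attribute that the login handler sets on success.
    static final String ADMIN_SESSION_KEY = "adminUser";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false) never creates a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(ADMIN_SESSION_KEY) != null) {
            return true; // authenticated: let BookController run
        }
        // Deny by default: 401 for JSON clients, redirect to login for page requests.
        String accept = request.getHeader("Accept");
        if (accept != null && accept.contains("application/json")) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            response.sendRedirect(request.getContextPath() + "/login.html");
        }
        return false; // stop the handler chain; the controller is never invoked
    }
}

/** Applies the interceptor to the admin pages and to the CRUD endpoints behind them. */
@Configuration
class AdminAuthConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new AdminAuthInterceptor())
                // "/admin_*" covers /admin_books.html; "/admin/**" is the assumed CRUD prefix.
                .addPathPatterns("/admin_*", "/admin/**")
                .excludePathPatterns("/login.html", "/login");
    }
}
```

The check belongs in a central interceptor or filter rather than in each controller method, so that a newly added admin endpoint cannot be shipped without it.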

Added: Feb 16, 2026, 10:21 AM
Updated: Feb 16, 2026, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 0.0
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.