SourceCodester Gaatitrack Courier Management System Unauthenticated User Deletion Vulnerability

Vulnerability

A broken access control vulnerability has been identified in SourceCodester Gaatitrack Courier Management System version 1.0. The issue resides in the User Delete Handler component, specifically within the ajax.php file, where the delete_user action is processed. This vulnerability allows unauthenticated users to delete any registered user, including administrators, by manipulating the user ID parameter. The deletion is executed without any authentication checks, leading to unauthorized removal of user accounts and potential disruption of service.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of user accounts from the system, including those with administrative privileges. This not only disrupts service for affected users but also risks losing administrative control over the application.

Reproduction

To reproduce this vulnerability, send a POST request to ajax.php?action=delete_user without any authentication. Include the ID of the user to be deleted in the request. The server will respond with a confirmation of the deletion, which can be verified by checking the users table in the database.

Remediation

Implement authentication checks in ajax.php to ensure that only logged-in users can access the delete_user action. Additionally, establish role-based access controls to verify that the user has the necessary administrative privileges before allowing deletion. Consider using soft deletion methods to prevent permanent loss of data.
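The three remediation steps above as one hardened handler, written as an added illustration for this advisory and not taken from the project's own ajax.php. The session keys, the `id` parameter name, the admin role value, the `$conn` mysqli handle and the `deleted_at` column are all assumptions.

```php
<?php
// Added illustrative example, not the project's own ajax.php.
// Assumptions (not from the advisory): the app stores the logged-in
// user's id and role in $_SESSION['login_id'] / $_SESSION['login_type'],
// the request carries the target id in $_POST['id'], and $conn is a
// mysqli connection (e.g. from an included config file) to a `users` table.
session_start();

function json_exit(int $status, string $body): void {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['ok' => $status === 200, 'msg' => $body]);
    exit;
}

// 1. Authentication: anonymous callers never reach the delete logic.
if (empty($_SESSION['login_id'])) {
    json_exit(401, 'login required');
}

// 2. Authorization: only administrators may delete accounts.
//    (login_type === 1 meaning "admin" is an assumed convention.)
if (($_SESSION['login_type'] ?? null) !== 1) {
    json_exit(403, 'administrator privileges required');
}

// 3. Input validation: the id must be a positive integer.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    json_exit(400, 'invalid user id');
}

// 4. Business rule: an administrator cannot delete their own account,
//    so a single mistaken call cannot remove the last admin login.
if ($id === (int) $_SESSION['login_id']) {
    json_exit(400, 'cannot delete the current account');
}

// 5. Soft delete through a prepared statement: the row is flagged rather
//    than removed, so an accidental or malicious call can be reversed.
//    (Assumes a `deleted_at` DATETIME NULL column on `users`.)
$stmt = $conn->prepare('UPDATE users SET deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL');
$stmt->bind_param('i', $id);
$stmt->execute();
if ($stmt->affected_rows === 0) {
    json_exit(404, 'user not found');
}
error_log(sprintf('user %d soft-deleted by admin %d', $id, $_SESSION['login_id']));
json_exit(200, 'user deleted');
```

Steps 1 and 2 are the checks whose absence makes the advisory's unauthenticated deletion possible; steps 3 to 5 are the defensive extras a reviewer would expect around any destructive action.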

Added: Apr 2, 2026, 1:47 PM
Updated: Apr 2, 2026, 1:47 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 7.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.