The library management system has an unauthorized access vulnerability, allowing unauthorized access to the administrator's backend.

### Vulnerability Description
Attackers can access the management backend without logging in and perform CRUD operations on the system.
### Vulnerability Analysis
1、The system has no global permission interceptors configured.(WebConfig.java)(BookController.java)
<img width="2758" height="1478" alt="Image" src="https://github.com/user-attachments/assets/ac38eb07-e3ac-4a82-a7f1-203fc503ef13" />
<img width="2626" height="1518" alt="Image" src="https://github.com/user-attachments/assets/8223c2d6-5b1f-430a-8054-313c3148ebb8" />
### Vulnerability Reproduction
1、Accessing /admin_books.html without logging in successfully logs into the management system, allowing users to perform CRUD operations.
<img width="2480" height="1702" alt="Image" src="https://github.com/user-attachments/assets/334c2f7d-843b-4d8b-9ca0-c8d7a825e0d5" />
<img width="2630" height="1732" alt="Image" src="https://github.com/user-attachments/assets/94d26fdb-5c67-449b-ab2a-73870ef42ea0" />
2、Add book information

<img width="2834" height="1650" alt="Image" src="https://github.com/user-attachments/assets/42a7a5cc-b457-43ad-a8ed-3304be764082" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The library management system has an unauthorized access vulnerability, allowing unauthorized access to the administrator's backend. #32

Vulnerability Description

Vulnerability Analysis

Vulnerability Reproduction

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

The library management system has an unauthorized access vulnerability, allowing unauthorized access to the administrator's backend. #32

Description

Vulnerability Description

Vulnerability Analysis

Vulnerability Reproduction

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions