MineWebCMS
CSRF one click delete user
Affected software: MineWebCMS_v1.7.0
Type of vulnerability: XSS (Stored)
Discovered by: yzc
With the following POC, an administrator can be made to delete an existing user in the system without knowing it.

URL: http://172.16.7.33/MineWebCMS/admin/user/delete/3

POC:

Changing the number at the end of the URL (3 here) deletes a different account.

Through CSRF, the administrator can be tricked into deleting a user's account without knowing it, with serious consequences.
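The root cause is that the delete endpoint performs a state change on a plain GET with nothing tying the request to the admin's own page. The check below is an added illustration of the server-side fix, not MineWebCMS's own code: it rejects non-POST requests, requires a same-site Origin/Referer, and verifies a per-session synchronizer token. SITE_ORIGIN is taken from the host in the report; the function names and the dict-based session are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Origin of the vulnerable install named in the report (assumed from its URL).
SITE_ORIGIN = "http://172.16.7.33"


def issue_csrf_token(session):
    """Store a fresh random token in the server-side session and return it,
    so the admin page can embed it in a hidden field of the delete form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def check_delete_request(method, headers, form, session):
    """Decide whether an admin 'delete user' request may proceed.

    Returns (allowed, reason). A bare GET such as
    /admin/user/delete/3 is refused outright: state changes must not
    ride on GET, because a browser will issue that request for any
    page that embeds the URL in an <img> or a link.
    """
    if method.upper() != "POST":
        return False, "state-changing request must be POST"

    # A form posted from another site carries that site's Origin (or
    # Referer); a same-site request carries ours. Missing both is refused.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}".lower() != SITE_ORIGIN:
        return False, f"cross-site source {source}"

    # Synchronizer token: the submitted value must equal the one issued to
    # this session. Constant-time compare avoids leaking the token by timing.
    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    # The report's one-click GET is rejected before any token is even looked at.
    print(check_delete_request("GET", {"Referer": "http://attacker.example/"}, {}, session))
    print(check_delete_request("POST", {"Origin": SITE_ORIGIN}, {"csrf_token": token}, session))
```

Setting the session cookie with SameSite=Lax (or Strict) adds a browser-side layer, but the token and method checks are what the server can enforce on its own.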

