Improper Authorization in imran300/inventory
Sep 4th 2021
A designer user can deactivate any other users IDOR.
🕵️♂️ Proof of Concept
go to this url when logging in as a Designer.
and then you can see that a user with id
10 will be deactivated.
This vulnerability is capable of deactivate any user.