Improper Authorization in imran300/inventory
Sep 4th 2021
A designer user can delete any other users IDOR.
🕵️♂️ Proof of Concept
go to this url when logging in as a Designer.
and then you can see that a user with id
10 will be deleted.
This vulnerability is capable of delete any user.