Improper Authorization in imran300/inventory
Sep 4th 2021
A General manager user can edit/add other group
PERMISSIONS LIST with IDOR.
🕵️♂️ Proof of Concept
go to this url when logging in as a General manager.
and then you can see that Permissions can be bypassed.
This vulnerability is capable of change the group permissions with IDOR.