Improper Authorization in imran300/inventoryValid
Sep 4th 2021
A designer user can activate any other users IDOR.
🕵️♂️ Proof of Concept
go to this url when logging in as a Designer.
and then you can see that a user with id
10 will be activated.
This vulnerability is capable of activate any user.