Open salmankhwaja opened 2 years ago
It was possible for a basic user to take over any account using the ID parameter.
How to Reproduce
- Edit the GET request
- Manipulate the User ID
- For further clarification, please follow the evidence
I confirm that a non-admin user can edit the profile of other users, but the impact is limited since there are no specific access controls linked to a user.
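The missing authorization check that the report describes, as an added example that is not code from the project in this issue: a profile-edit handler that authenticates the caller but trusts the client-supplied user ID, beside a version that checks ownership or the admin role. The in-memory user store, session tokens and role field are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class User:
    id: int
    email: str
    role: str = "user"  # assumed values: "user" or "admin"


class Forbidden(Exception):
    pass


def make_store():
    """Constructed sample data: three users and a session->user_id table."""
    users = {
        1: User(1, "alice@example.com"),
        2: User(2, "bob@example.com"),
        3: User(3, "admin@example.com", role="admin"),
    }
    sessions = {"tok-alice": 1, "tok-bob": 2, "tok-admin": 3}
    return users, sessions


def edit_profile_vulnerable(users, sessions, token, target_id, new_email):
    """Checks only that the caller is logged in, then edits whatever id the
    request names. This is the IDOR pattern from the report: any basic user
    can modify any other user's profile."""
    if token not in sessions:
        raise Forbidden("not logged in")
    user = users[target_id]  # client-controlled id, never tied to the caller
    user.email = new_email
    return user


def may_edit(users, sessions, token, target_id):
    """Authorization rule: a caller may edit only their own record unless
    they hold the admin role."""
    caller_id = sessions.get(token)
    if caller_id is None:
        return False
    caller = users[caller_id]
    return caller.id == target_id or caller.role == "admin"


def edit_profile_fixed(users, sessions, token, target_id, new_email):
    """Same handler with the ownership/role check applied before the write."""
    if not may_edit(users, sessions, token, target_id):
        raise Forbidden("not allowed to edit this profile")
    user = users[target_id]
    user.email = new_email
    return user
```

Checking `target_id` against the authenticated session, rather than trusting the value in the request, is the fix; logging rejected attempts also gives a detection signal for this class of probing.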