Broken Access Control
The Scenario
An endpoint lets users fetch invoices by ID, but it doesn't verify that the requested invoice belongs to the user making the request.
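The scenario as an added example (not code from the original page): the same invoice lookup without and with the ownership check, plus a regression check that lists any invoice served to a non-owner. The in-memory store, the user names, the function names and the choice to answer 404 for another user's invoice are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str          # user id the invoice belongs to
    amount_cents: int

# Constructed sample data, not from the page.
INVOICES = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "bob", 98_000),
}

def get_invoice_vulnerable(session_user: str, invoice_id: int):
    """The flaw in the scenario: the caller is authenticated, but the
    lookup relies only on the client-supplied ID."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return 404, None
    return 200, inv      # session_user is never compared to inv.owner

def get_invoice_checked(session_user: str, invoice_id: int):
    """Hardened form: ownership is enforced server-side on every fetch."""
    inv = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours", so the response does not
    # confirm which IDs exist (a design choice assumed here).
    if inv is None or inv.owner != session_user:
        return 404, None
    return 200, inv

def ownership_gaps(handler, users):
    """Regression check: call the handler as every user against every
    invoice and list the (user, invoice_id) pairs served to a non-owner."""
    gaps = []
    for user in users:
        for invoice_id, inv in INVOICES.items():
            status, _body = handler(user, invoice_id)
            if status == 200 and inv.owner != user:
                gaps.append((user, invoice_id))
    return gaps

if __name__ == "__main__":
    users = ["alice", "bob"]
    print("vulnerable:", ownership_gaps(get_invoice_vulnerable, users))
    print("checked:   ", ownership_gaps(get_invoice_checked, users))
```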