IDOR on the DELETE /comments/
Program: Rghost
Bug Type: IDOR
Bounty: Unspecified
Date: 2020-04-28
Summary
The researcher found an insecure direct object reference (IDOR) vulnerability in the comment editing and deletion functionality. By modifying the comment ID in requests, an attacker could view or attempt to manipulate other users’ comments. CAPTCHA blocked unauthorized deletions, but edit attempts on others’ comments could disable the edit option for the original user. The lack of rate limiting allowed mass enumeration via automated tools.

This summary is generated by AI.
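The server-side checks whose absence the summary describes, as an added Python example that is not Rghost's code or the researcher's. The in-memory `CommentService`, the `edit_locked` flag and `edit_unsafe` are hypothetical; `edit_unsafe` models one assumed cause of the edit lockout (state changed before the owner check), shown beside the hardened `edit` and `delete`.

```python
import time
from dataclasses import dataclass

class Forbidden(Exception): ...
class TooManyRequests(Exception): ...

@dataclass
class Comment:
    id: int
    owner_id: int
    body: str
    edit_locked: bool = False   # hypothetical "edit option disabled" state

class CommentService:
    def __init__(self, limit=5, window=60.0, clock=time.monotonic):
        self.comments, self.hits = {}, {}
        self.limit, self.window, self.clock = limit, window, clock

    def _throttle(self, user_id):
        # Sliding window per caller: walking comment IDs gets cut off quickly.
        now = self.clock()
        recent = [t for t in self.hits.get(user_id, []) if now - t < self.window]
        self.hits[user_id] = recent
        if len(recent) >= self.limit:
            raise TooManyRequests(user_id)
        recent.append(now)

    def _owned(self, user_id, comment_id):
        # Owner is the session user; missing and foreign IDs fail identically.
        c = self.comments.get(comment_id)
        if c is None or c.owner_id != user_id:
            raise Forbidden(comment_id)
        return c

    def edit_unsafe(self, user_id, comment_id, body):
        # Assumed shape of the flaw: state changes before the owner check.
        c = self.comments[comment_id]
        c.edit_locked = True
        if c.owner_id != user_id:
            raise Forbidden(comment_id)   # rejected, but the lock stays set
        c.body, c.edit_locked = body, False

    def edit(self, user_id, comment_id, body):
        self._throttle(user_id)
        self._owned(user_id, comment_id).body = body   # authorize, then mutate

    def delete(self, user_id, comment_id):
        self._throttle(user_id)
        del self.comments[self._owned(user_id, comment_id).id]
```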