<- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information ->

In this report, the researcher found an insecure direct object reference that allowed a malicious user to impersonate another user in the comment section under Newswire articles. This meant that an attacker could leave abusive comments that appeared to have been made by another user, or delete a particular victim&#x27;s previous comments. This vulnerability had other adverse side effects as well, including information leakage and CSRF.