Users Data Exposure via Insecure Endpoint
Team Summary
Official summary from Mars
An insecure endpoint on the Mars Royal Canin website (█████████) is exposing sensitive customer information without proper authentication. The vulnerability allows unauthorized access to personal data including full names, phone numbers, email addresses, physical addresses, and postal codes. This data exposure occurs through a simple API endpoint that can be accessed by anyone with knowledge of its existence. The endpoint reveals customer data when provided with a numeric code parameter, and all user information can potentially be accessed by brute-forcing this parameter using all possible 4-digit combinations. This type of vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), which represents a significant privacy concern for affected users.
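The summary above describes the two properties that make this finding severe: the endpoint needs no authentication, and the only selector is a 4-digit numeric code, so a client that walks the code space can pull every record. From the defender's side, that enumeration has a clear signature in access logs: one client requesting the same endpoint with a large number of distinct code values in a short window. The following is an added example, not code from the report or from Mars, that parses a constructed access log and flags that pattern. The endpoint path (`/api/customer`), the `code` query parameter name, the log line format and the IP addresses are all assumptions for illustration; the real endpoint is redacted in the report.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Hypothetical endpoint path; the real one is redacted in the report.
ENDPOINT = "/api/customer"
# Assumed log format: <ip> [<ISO timestamp>] "GET <path>[?query] HTTP/1.1" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET (?P<path>[^?\s]+)(?:\?(?P<qs>\S*))? '
    r'HTTP/1\.[01]" (?P<status>\d{3})$'
)
TS_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Return (ip, timestamp, code) for a request to ENDPOINT, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("path") != ENDPOINT:
        return None
    codes = parse_qs(m.group("qs") or "").get("code")
    if not codes:
        return None
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), codes[0])


def detect_enumeration(lines, threshold=20, window_seconds=60):
    """Flag clients that request >= threshold distinct codes within any
    sliding window of window_seconds. Returns {ip: peak_distinct_codes}."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ip, ts, code = rec
            by_ip[ip].append((ts, code))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()                      # chronological order per client
        window = deque()                   # events inside the current window
        counts = defaultdict(int)          # code -> occurrences inside the window
        peak = 0
        for ts, code in events:
            window.append((ts, code))
            counts[code] += 1
            # Evict events that fell out of the window
            while (ts - window[0][0]).total_seconds() > window_seconds:
                old_ts, old_code = window.popleft()
                counts[old_code] -= 1
                if counts[old_code] == 0:
                    del counts[old_code]
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample_log():
    """Constructed sample: one client walking codes 0000-0049 in 50 seconds,
    one legitimate client looking up a single code twice, one unrelated request."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(50):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 [{ts}] "GET {ENDPOINT}?code={i:04d} HTTP/1.1" 200')
    for offset in (5, 190):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        lines.append(f'198.51.100.5 [{ts}] "GET {ENDPOINT}?code=4821 HTTP/1.1" 200')
    lines.append(f'198.51.100.5 [{base.strftime(TS_FMT)}] "GET /health HTTP/1.1" 200')
    return lines


if __name__ == "__main__":
    for ip, peak in detect_enumeration(build_sample_log()).items():
        print(f"enumeration suspected from {ip}: {peak} distinct codes in one window")
```

A distinct-value count per client is a better signal here than a raw request-rate limit, because a legitimate customer may reload their own record many times but has no reason to request dozens of different codes. The detector only reduces exposure time; the fix the report implies is to require authentication on the endpoint and stop keying records on a guessable 4-digit value.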
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure