unauthorized access and add user and change personal information all users

The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allows attackers to add new users and modify personal information of existing users. The vulnerability is classified as Improper Access Control. The issue stems from the absence of proper authentication and authorization mechanisms on the ██████████ endpoint, which handles user registration and profile updates. This vulnerability allows anyone to create new user accounts or modify existing user information without requiring any authentication. Additionally, the vulnerability is compounded by a predictable user identifier system (4-digit codes) that can be easily enumerated through brute force methods to identify valid user profiles through the ██████████ endpoint.