Files: api/posts/create.php, data access endpoints
Problem: No authorization checks for resource access
Example:
$userId = (int) $_SESSION['user']['id']; // No verification if user can access this resource
Copy
php
Impact: Users can access/modify other users' data
Files: api/posts/create.php, data access endpoints
Problem: No authorization checks for resource access
Example:
$userId = (int) $_SESSION['user']['id']; // No verification if user can access this resource
Copy
php
Impact: Users can access/modify other users' data