Insecure Direct Object References (IDOR) (High)

[Ayaanshaikh12243]

Files: api/posts/create.php, data access endpoints
Problem: No authorization checks for resource access
Example:

$userId = (int) $_SESSION['user']['id']; // No verification if user can access this resource

Copy
php
Impact: Users can access/modify other users' data

[Ayaanshaikh12243]

@sumitrathor1 please assign this issue to me

[sumitrathor1]

@Ayaanshaikh12243 I have assigned this issue to u pls start working on it.