Unknown · Syaqui Collegetivity · CVE-2025-56392
**Name of the Vulnerable Software and Affected Versions**
Syaqui Collegetivity version 1.0.0
**Description**
An Insecure Direct Object Reference (IDOR) exists in the `/dashboard/notes` API endpoint. By sending a specially crafted `POST` request to this endpoint that manipulates object references, an attacker can impersonate other users, perform unauthorized actions, and gain access to other users' data and functionality.
**Recommendations**
Apply appropriate access controls to the `/dashboard/notes` endpoint to ensure users can only access their own data.
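
One way to apply this recommendation, shown as an added example that is not Collegetivity's own code: the IDOR pattern beside a handler that takes the owner from the authenticated session and checks ownership before touching an existing note. The advisory does not name the request parameters, so the `user_id` and `note_id` body fields, the session table and the `NoteStore` class are assumptions made for illustration.

```python
# Added illustration. Field names, the session table and NoteStore are hypothetical;
# the advisory does not describe the application's real request format.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller is not allowed to act on the referenced object (maps to HTTP 403)."""

@dataclass
class NoteStore:
    notes: dict = field(default_factory=dict)  # note_id -> {"owner": str, "text": str}
    next_id: int = 1

    def save(self, owner, text, note_id=None):
        if note_id is None:
            note_id, self.next_id = self.next_id, self.next_id + 1
        self.notes[note_id] = {"owner": owner, "text": text}
        return note_id

SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # constructed sample sessions

def authenticate(token):
    user = SESSIONS.get(token)
    if user is None:
        raise Forbidden("no valid session")
    return user

def post_note_vulnerable(store, token, body):
    """IDOR pattern: owner and target note both come from the request body."""
    authenticate(token)  # proves someone is logged in, not who owns the object
    return store.save(body["user_id"], body["text"], body.get("note_id"))

def post_note_hardened(store, token, body):
    """Owner comes from the session; an existing note must belong to the caller."""
    user = authenticate(token)
    note_id = body.get("note_id")
    if note_id is not None:
        existing = store.notes.get(note_id)
        # Same error for "missing" and "not yours" so note ids cannot be enumerated.
        if existing is None or existing["owner"] != user:
            raise Forbidden("note not found for this user")
    # Any client-supplied user_id is deliberately ignored.
    return store.save(user, body["text"], note_id)
```

The same ownership check belongs on every read, update and delete path that accepts a note identifier, not only on the `POST` handler.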