POC:
Step 1: Use a normal user account
Step 2: Change user password in edit profile function
Step 3: Enter data fields that change normally
Step 4: Use burp suite to intercept requests to update profile
Step 5: Change id from 2 to id 1 and send request
The result of logging in with the new username and password is usertest/Aa@123456
Successfully logged into the super admin account, the data in the database is changed