OPPO: Arbitrary thread deletion on c.realme.com

Summary: It's possibile to delete any arbitrary thread on c.readme.com since the /eu/api/thread/delete endpoint does not correctly verify if the session of the user is associated with the actual post creator, allowing an attacker to delete any post as if it were his. This would allow an attacker ...