MTN Group: IDOR at mtnmobad.mtnbusiness.com.ng leads to PII leakage.

The IDOR vulnerability at mtnmobad.mtnbusiness.com.ng allowed the personal information of users, such as their phone numbers and account details, to be accessed by an attacker who knew the user's email address. The vulnerable request was a POST to the /app/getUserNotes endpoint, which accepted th...