inDrive: Unlimited fake rate to the passenger in city to city, Affected endpoint `/api/v1/reviews/ride/<ID>/driver`
The vulnerability allowed an unlimited increase of the passenger's rating in the city-to-city shared ride feature. The request to the /api/v1/reviews/ride//driver endpoint was manipulated by changing the rating value to a higher number, which was accepted by the application and resulted in an...