IDOR
Medium
Vulnerability Details
**Summary:**
IDOR
**Description:**
By changing the value in the parameter █████████= from my own account █████ to something else, such as ████████, it is possible to see the barcode and expiration date of other ████ without their consent.
## Impact
Information Disclosure
## Step-by-step Reproduction Instructions
1. PoC: https://████████
## Product, Version, and Configuration (If applicable)
Web Application
## Suggested Mitigation/Remediation Actions
Restrict access to other meal cards which the user is not authorized to access.
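
A server-side ownership check of the kind this mitigation calls for, shown next to the unchecked lookup it replaces. This is an added example, not code from the report or the affected application; the `MealCard` model, the sample records and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MealCard:
    card_id: int
    owner_id: int
    barcode: str
    expires: str

# Constructed sample records (hypothetical data, not from the report).
CARDS = {
    1001: MealCard(1001, owner_id=1, barcode="BC-AAAA-0001", expires="2030-01-31"),
    1002: MealCard(1002, owner_id=2, barcode="BC-BBBB-0002", expires="2030-06-30"),
}

class NotFound(Exception):
    """Raised for missing AND unauthorized cards, so valid IDs cannot be told apart."""

def _public_view(card):
    return {"barcode": card.barcode, "expires": card.expires}

def get_card_unchecked(session_user_id, card_id):
    # Pattern behind the finding: the record is selected only by the
    # client-supplied ID; the authenticated user is never compared to its owner.
    card = CARDS.get(card_id)
    if card is None:
        raise NotFound(card_id)
    return _public_view(card)

def get_card_checked(session_user_id, card_id, audit_log):
    # The owner comes from the server-side session, never from the request.
    card = CARDS.get(card_id)
    if card is None or card.owner_id != session_user_id:
        # Same error for "missing" and "not yours"; log it so repeated
        # denials from one account can be alerted on.
        audit_log.append({"event": "card_access_denied",
                          "user": session_user_id, "card_id": card_id})
        raise NotFound(card_id)
    return _public_view(card)
```
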
Report Stats
- Report ID: 389250
- State: Closed
- Substate: resolved
- Upvotes: 17