IDOR in profile image upload functionality
Severity: High
Vulnerability Details
Vulnerable URL: https://██████████/███████ID/#Common/EditOne/Person/{account_id}
Steps to reproduce:
1). Log in as account1, browse to a profile image and click the upload button.
2). Capture the upload request in Burp Suite.
3). Change the value of the 'personId' parameter to account2's account_id and forward the request.
(please see screenshot1)
4). Log in to account2: the image uploaded from account1 appears in account2's Approved tab.
Please see the attached video below, which shows the complete flow.
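The steps above boil down to one server-side mistake: the upload handler takes the target account from the client-controlled personId field instead of from the authenticated session. The following is an added example (not the vendor's code; Session, UploadRequest, Forbidden and the in-memory store are assumptions) that shows the vulnerable handler next to a hardened one, and replays the Burp tamper from step 3 against both.

```python
"""IDOR in a profile-image upload: trusting a client-supplied personId versus
binding the target to the session. Added example, not the vendor's code; all
class and function names are assumptions."""
from dataclasses import dataclass


@dataclass
class Session:
    account_id: str          # the account the caller actually logged in as


@dataclass
class UploadRequest:
    session: Session
    form: dict               # parsed multipart fields: {"personId": ..., "image": ...}


class Forbidden(Exception):
    """Raised when a caller tries to write another account's profile image."""


def upload_profile_image_vulnerable(req: UploadRequest, store: dict) -> str:
    """Vulnerable: the target account is whatever personId the client sent.
    Changing that field in Burp makes the upload land on someone else's profile."""
    target = req.form["personId"]
    store[target] = req.form["image"]
    return target


def is_authorized(actor: str, target: str) -> bool:
    """Authorization hook: only the account owner may replace its image.
    A role check (e.g. support staff) would be added here, never by trusting the form."""
    return actor == target


def upload_profile_image_fixed(req: UploadRequest, store: dict) -> str:
    """Hardened: the target is derived from the session. A personId field is
    tolerated for compatibility but must pass the authorization check."""
    actor = req.session.account_id
    target = req.form.get("personId", actor)
    if not is_authorized(actor, target):
        raise Forbidden(f"{actor} attempted to write the profile image of {target}")
    store[target] = req.form["image"]
    return target


def run_demo() -> dict:
    """Replay the tampered request (account1 session, personId=account2) against both
    handlers and report where the image ended up. Inputs are constructed."""
    tampered = UploadRequest(Session("account1"),
                             {"personId": "account2", "image": b"\x89PNG-constructed"})
    vuln_store, fixed_store = {}, {}
    vuln_target = upload_profile_image_vulnerable(tampered, vuln_store)
    try:
        upload_profile_image_fixed(tampered, fixed_store)
        fixed_outcome = "written"
    except Forbidden:
        fixed_outcome = "forbidden"
    return {"vulnerable_wrote_to": vuln_target,
            "fixed_outcome": fixed_outcome,
            "fixed_store": fixed_store}


if __name__ == "__main__":
    print(run_demo())
```

The fix is not to hide or encrypt personId; any value the browser sends can be edited in the proxy. The handler must resolve the target from server-side state and refuse (and log) mismatches, which also gives the defender an alert on exactly the request shown in screenshot1.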
## Impact
An attacker is able to change the profile image of any user whose account_id they know or can guess, because the server trusts the client-supplied personId instead of checking it against the authenticated account.
Report Stats
- Report ID: 741683
- State: Closed
- Substate: resolved
- Upvotes: 6