PII Leak via /████████
High
Vulnerability Details
**Summary:**
An attacker is able to view PII (Full name/address/e-mail/phone) of all website users via █████████/████████
## Step-by-step Reproduction Instructions
1. Browse to ████ and log in or create an account.
2. Browse to ████/███████
3. Begin typing a name in the `Select User` field, and click the `(i)` icon on the right side of the field to view the user's data.
██████
## Suggested Mitigation/Remediation Actions
Restrict access to this endpoint to administrative roles.
## Impact
An adversary can gather PII of all `█████████` users via this endpoint.
Report Stats
- Report ID: 905679
- State: Closed
- Substate: resolved
- Upvotes: 8