IDOR Vulnerability

Summary

An Insecure Direct Object Reference (IDOR) vulnerability was found in the appointment cancellation functionality. Attackers can cancel any user's appointment without proper authorization by modifying the ID parameter in the GET request.

Vulnerable Component and Context

File: for any authenticated user.

Vulnerable code segment identified:

Proof of Concept (PoC)

The vulnerability is exploited by altering the ID parameter within the URL to cancel any appointment at will, due to the absence of input validation.

Impact

1. Vertical Privilege Escalation - This indicates the possibility of elevating privileges, allowing an attacker to access unauthorized resources.
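
The missing ownership check behind this class of flaw, shown as an added example (it is not the affected application's code): a cancellation routine that trusts the request's ID beside one that scopes the update to the logged-in user. The table schema, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users with one appointment each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE appointment ("
               "id INTEGER PRIMARY KEY, user_id INTEGER, status TEXT)")
    db.executemany("INSERT INTO appointment VALUES (?, ?, 'booked')",
                   [(1, 100), (2, 200)])
    return db

def cancel_vulnerable(db, session_user_id, appt_id):
    """IDOR pattern: the row is selected by the client-supplied id alone,
    so session_user_id never influences which appointment is cancelled."""
    cur = db.execute("UPDATE appointment SET status='cancelled' WHERE id=?",
                     (appt_id,))
    return cur.rowcount == 1

def cancel_hardened(db, session_user_id, appt_id):
    """Scope the update to the session's user: a foreign id matches no row."""
    try:
        appt_id = int(appt_id)  # request parameters arrive as strings
    except (TypeError, ValueError):
        return False
    cur = db.execute(
        "UPDATE appointment SET status='cancelled' "
        "WHERE id=? AND user_id=? AND status='booked'",
        (appt_id, session_user_id))
    # Same result for "no such id" and "not yours", so the response
    # does not confirm which appointment ids exist.
    return cur.rowcount == 1

def status(db, appt_id):
    """Return the appointment's status, or None if the id does not exist."""
    row = db.execute("SELECT status FROM appointment WHERE id=?",
                     (appt_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, user 100 on id 2:", cancel_vulnerable(db, 100, 2))
    db = make_db()
    print("hardened, user 100 on id 2:", cancel_hardened(db, 100, 2))
    print("hardened, user 200 on id 2:", cancel_hardened(db, 200, "2"))
```

Putting the owner condition in the `WHERE` clause makes the authorization decision and the state change a single statement, rather than a lookup followed by a separate update.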