Critical Security Vulnerability: Unauthenticated Access to /shipments/deleted 1 Endpoint Allows Irreversible Data Deletion
Web applications often rely on API endpoints to manage critical functionalities, but when these endpoints lack proper security controls, they can lead to severe data breaches or disruptions. In this report, I detail a critical vulnerability I discovered in the shipment management module of a logistics platform, where a public API endpoint allowed unauthenticated deletion of shipment records. This issue posed a high-impact threat to business continuity and data integrity.