Delete all note of all user in application in usememos/memos
Dec 26th 2022
A user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote
Proof of Concept
The vulnerability will lose all user notes data throughout the system. Causing damage to user data.