IDOR Vulnerabilty?

Hi there,

We noticed that there is an IDOR bug in load and delete function while loading notes on our Yii2 website. An attacker seems to able access all saved notes in the database as well as deleting them.

Is there a patch for this or has this been addressed by an update lately?

I think you should report this to author of your website, since it does not look like a bug in Yii 2 itself.