IDOR or something else?
While analyzing a web application, I identified a path of the type https://example/remove/123, which allows a user with lower privileges to remove a report created by a user with higher privileges. In theory, the user with lower privileges…