diff --git a/SUBMISSION_FIX_IDOR.md b/SUBMISSION_FIX_IDOR.md
new file mode 100644
index 0000000..7892d5a
--- /dev/null
+++ b/SUBMISSION_FIX_IDOR.md
@@ -0,0 +1,26 @@
+# IDOR Fix Implementation Guide
+
+## Issue #358: IDOR in Organization Memberships Endpoint
+
+This document provides the theoretical fix for the IDOR vulnerability. The exact file location needs to be identified in the codebase.
+
+## Fix Files Provided
+
+The fix is provided in:
+- `SUBMISSION_FILES/FIX_3_IDOR/organization_view.py` - Django viewset/views with authorization checks
+
+## Implementation
+
+The fix should be applied to the organization memberships endpoint handler that processes `GET /api/organizations/:id/memberships` requests.
+
+### Key Changes:
+1. Authorization check to verify user is a member of the organization
+2. Permission validation before returning data
+3. Data filtering by user's accessible organizations
+4. Role-based access control (admins vs regular members)
+5. Proper error handling (403 Forbidden for unauthorized access)
+
+## Note
+
+Since the exact file location could not be determined through codebase analysis, this fix is provided as a reference implementation. The maintainers should identify the correct file and apply the fix accordingly.
+