Doubt Regarding Bug Hunting on a Website

I am playing with a website whose URL is like:

1.) so i want to know what does confirmation code means here?
2.) How can it be exploitable?
3.) Something privilege escalation using URL tampering?

Note: Also the confirmation_token value remains constant and does not change after every refresh.