Restrictions on what authenticated users can do are not properly enforced. Attackers can exploit these flaws to access unauthorized functionality or data.
Example 1
Modifying the URL to access other users' resources
Example 2
Changing the 'id' parameter in the URL to view other users' data
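
The 'id' case from Example 2, as an added example that is not part of the original page: a handler that only checks authentication, next to one that also enforces ownership on the server. The invoice records, user names, URL and function names are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: invoice id -> record with an owner.
INVOICES = {
    101: {"owner": "alice", "total": "40.00"},
    102: {"owner": "bob", "total": "310.50"},
}


def _requested_id(url):
    """Return the single integer 'id' query parameter, or None if absent/invalid."""
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1:  # reject missing or duplicated parameters
        return None
    try:
        return int(values[0])
    except ValueError:
        return None


def get_invoice_vulnerable(session_user, url):
    """Authenticated but not authorized: any logged-in user can read any id."""
    if session_user is None:
        return 401, None
    record = INVOICES.get(_requested_id(url))
    return (200, record) if record else (404, None)


def get_invoice_checked(session_user, url):
    """Checks on every request that the record belongs to the session user."""
    if session_user is None:
        return 401, None
    record = INVOICES.get(_requested_id(url))
    # Same 404 for "missing" and "not yours", so response codes do not
    # reveal which ids exist.
    if record is None or record["owner"] != session_user:
        return 404, None
    return 200, record


if __name__ == "__main__":
    url = "https://app.example/invoice?id=102"  # alice requests bob's invoice
    print("vulnerable:", get_invoice_vulnerable("alice", url))
    print("checked:   ", get_invoice_checked("alice", url))
```

The owner comparison uses the identity from the server-side session, never a value supplied in the request.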