Broken Access Control (BAC)

When an application does not thoroughly restrict user permissions for appropriate access to administrative functionality.