Broken Access Control
Broken access control refers to any way in which a user can access portions of a web application that should not be available to them. One example occurs when a hacker who knows the URL for an admin function can enter the URL in a browser directly and access the page without logging in. Another example is when user input is not sanitized, allowing a hacker to perform a SQL injection attack to view, edit, or delete data.