Commit be636dd4 authored by Philip Linghammar

Updates insecure-direct-object-reference-idor.md

Auto commit by GitBook Editor
parent 0b5281d2
+9 −7
## Insecure Direct Object Reference



The vulnerability arises when the user has direct access to objects from user-supplied data.



The classic example of this would be something like the follwoing

```
http://foo.bar/changepassword?user=someuser
```

Imagine that you know anothers username , then you can just change the username and be able to change the password for that user. 
Imagine that you know anothers username , then you can just change the username and be able to change the password for that user. The data you can access can be anything, maybe private comments, messages, images, user data.



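Review bot: In the sentence after the changepassword URL, "change the username" is ambiguous and "anothers username ," has a missing apostrophe and a stray space before the comma; the extended version of the line carries both over. Suggest wording it as "If you know another user's username, you can change the value of the `user` parameter and change that user's password." While touching this section, "follwoing" in the line introducing the URL should be "following", and the opening definition would be clearer if it said that the object is selected by user-supplied data, since "direct access to objects from user-supplied data" can be read either way.
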
@@ -22,5 +18,11 @@ If you have access to the source-code that is an easy way to do it. Check the se



### Examples



https://hackerone.com/reports/53858
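
Review bot: The Examples section is a bare URL with no text saying what the linked report shows or how it relates to the changepassword example earlier in the file. Add a one-line description of the report next to the link and write it as a Markdown link, so the entry still tells the reader something if the report is unavailable.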