IDOR

Insecure Direct Object Reference

This type of vulnerability arises where user-controlled parameter values are used to access resources or functions directly.

It may occur as horizontal privilege escalation, where an employee or client can access another employee's or client's account or profile.

To protect against this, a company can use globally unique identifiers (GUIDs) to identify users.
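
The direct lookup described above beside a hardened form, as an added example that is not code from the original page. The profile store, function names and sample users are constructed for illustration; the owner check in the hardened version goes beyond the page's GUID advice, because a GUID only makes an identifier hard to guess and does not decide who may read the object.

```python
import uuid

# Constructed sample data: profiles keyed by sequential integer IDs.
PROFILES_BY_INT = {
    1: {"owner": "alice", "email": "alice@example.test"},
    2: {"owner": "bob", "email": "bob@example.test"},
}

# The same profiles re-keyed by random GUIDs (uuid4), as the page suggests.
PROFILES_BY_GUID = {str(uuid.uuid4()): p for p in PROFILES_BY_INT.values()}


class Forbidden(Exception):
    """Raised when the session user does not own the requested object."""


def get_profile_vulnerable(session_user, profile_id):
    # IDOR: the user-controlled profile_id is used directly as the lookup key,
    # and session_user is never consulted.
    return PROFILES_BY_INT[int(profile_id)]


def get_profile_hardened(session_user, profile_guid):
    # GUID keys are not enumerable; the owner check is what enforces access.
    profile = PROFILES_BY_GUID.get(profile_guid)
    if profile is None or profile["owner"] != session_user:
        # Same error for "missing" and "not yours", so the response does not
        # confirm whether a GUID exists.
        raise Forbidden("not found or not permitted")
    return profile


def guid_for(owner):
    # Demo helper: the GUID a user would be handed for their own profile.
    return next(g for g, p in PROFILES_BY_GUID.items() if p["owner"] == owner)


if __name__ == "__main__":
    print(get_profile_vulnerable("alice", "2"))  # alice is served bob's record
    print(get_profile_hardened("alice", guid_for("alice")))
    try:
        get_profile_hardened("alice", guid_for("bob"))
    except Forbidden as exc:
        print("blocked:", exc)
```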
