CWE-566 : Authorization Bypass Through User-Controlled SQL Primary Key
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
Related CAPEC definitions
No related CAPEC definitions found
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries
and for more details.