| Accessing Functionality Not Properly Constrained by ACLs |
| CWE-276 | Incorrect Default Permissions |
| CWE-285 | Improper Authorization |
| CWE-434 | Unrestricted Upload of File with Dangerous Type |
| CWE-693 | Protection Mechanism Failure |
| CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
|
