Direct Request ('Forced Browsing')

Web application isn't able to conduct proper compliance of limited URLs, scripts or files authorization and applies authorization only at certain points in the path that allows attackers to gain privileges, read and modify application data and execute case or command.
The weakness is introduced during Architecture and Design, Implementation, Operation stages.