| Bypassing access controls using email address parsing discrepancies | APPRENTICE | Business Logic Vulnerabilities | Abrir |
| Insecure direct object references | APPRENTICE | Access Control Vulnerabilities | Abrir |
| Unprotected admin functionality | APPRENTICE | Access Control Vulnerabilities | Abrir |
| Unprotected admin functionality with unpredictable URL | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User ID controlled by request parameter | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User ID controlled by request parameter with data leakage in redirect | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User ID controlled by request parameter with password disclosure | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User ID controlled by request parameter, with unpredictable user IDs | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User role can be modified in user profile | APPRENTICE | Access Control Vulnerabilities | Abrir |
| User role controlled by request parameter | APPRENTICE | Access Control Vulnerabilities | Abrir |
| Method-based access control can be circumvented | PRACTITIONER | Access Control Vulnerabilities | Abrir |
| Multi-step process with no access control on one step | PRACTITIONER | Access Control Vulnerabilities | Abrir |
| Referer-based access control | PRACTITIONER | Access Control Vulnerabilities | Abrir |
| URL-based access control can be circumvented | PRACTITIONER | Access Control Vulnerabilities | Abrir |