In applications, particularly web applications, access to functionality is
						mitigated by the authorization framework, whose job it is to map ACLs to
						elements of the application's functionality; particularly URL's for web
						apps. In the case that the application deployer failed to specify an ACL for
						a particular element, an attacker may be able to access it with impunity. An
						attacker with the ability to access functionality not properly constrained
						by ACLs can obtain sensitive information and possibly compromise the entire
						application. Such an attacker can access resources that must be available
						only to users at a higher privilege level, can access management sections of
						the application or can run queries for data that he is otherwise not
						supposed to.