The software receives input from an upstream component, but it
					does not restrict or incorrectly restricts the input before it is used as an
					identifier for a resource that may be outside the intended sphere of
					control.This may enable an attacker to access or modify otherwise protected system
						resources.