CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.