The software does not properly restrict reading from or writing to dynamically-identified variables.