Broken Function Level Authorisation

App fails to check if user can perform that action. E.g. Standard user accessing admin panel