Joao Gomes, Application Security Researcher, Checkmarx, says it appears to be a simple issue of incorrectly providing access control.