VBA : Unsafe database access control
Classification
Overview
In the absence of proper access control, SQL query execution with a primary key obtained from an untrusted source may give an attacker unauthorized access to database entries.
Broken Access Control takes fifth place in the “OWASP Top 10 2017” ranking of web application vulnerabilities.
A vulnerability caused by unsafe direct object references can result in an authorized user of the web application gaining unauthorized access to privileged functions and data. If the application code does not implement methods for working with information objects (for example, files, directories or database keys), or implements them incorrectly, users who do not have the required privileges can bypass the protection measures implemented in the application.
Using this vulnerability, users can change parameter values in such a way that they can directly access objects they are denied access to.
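The following VBA sketch is an added example, not code from the original page. It shows a lookup by primary key alone next to a version that ties the row to the authenticated user. The `invoices` table, its `id`, `owner_id` and `amount` columns, and both function names are hypothetical; `conn` is assumed to be an open ADODB connection and `currentUserId` is assumed to come from the server-side session.

```vba
Option Explicit

' ADO constants declared locally so the module works with late binding.
Private Const adCmdText As Long = 1
Private Const adParamInput As Long = 1
Private Const adInteger As Long = 3

' UNSAFE: the row is selected by primary key alone. The query is parameterized,
' but any caller who supplies another user's invoice id still receives that row.
Public Function GetInvoiceUnsafe(ByVal conn As Object, ByVal invoiceId As Long) As Object
    Dim cmd As Object
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, owner_id, amount FROM invoices WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , invoiceId)
    Set GetInvoiceUnsafe = cmd.Execute
End Function

' SAFER: the authenticated user's id (taken from the session, never from the
' request) is part of the WHERE clause, so a key owned by someone else matches no row.
Public Function GetInvoiceForOwner(ByVal conn As Object, ByVal invoiceId As Long, _
                                   ByVal currentUserId As Long) As Object
    Dim cmd As Object
    Dim rs As Object
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, owner_id, amount FROM invoices " & _
                      "WHERE id = ? AND owner_id = ?"
    ' Positional parameters: append them in the same order as the ? markers.
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , invoiceId)
    cmd.Parameters.Append cmd.CreateParameter("owner", adInteger, adParamInput, , currentUserId)
    Set rs = cmd.Execute
    If rs.EOF Then
        ' Same error for "missing" and "not yours" so the reply does not reveal which ids exist.
        rs.Close
        Err.Raise vbObjectError + 513, "GetInvoiceForOwner", "Invoice not found or access denied"
    End If
    Set GetInvoiceForOwner = rs
End Function
```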
