Rationale
Insecure Direct Object References (DOR) occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access restricted resources.
Scope
Visualforce components
Visualforce pages
Apex controllers