"The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state." - Entry from the Common Weakness Enumeration
For more info visit <a href="https://cwe.mitre.org/data/definitions/650.html" target="_blank" rel="noopener noreferrer">CWE-650</a>