"The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control." - Entry from the Common Weakness Enumeration
For more info visit <a href="https://cwe.mitre.org/data/definitions/99.html" target="_blank" rel="noopener noreferrer">CWE-99</a>