The problem here is related to identity and permissions. As the official definition states:
"Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities."
This is even worse when the false authenticated users are remote (the typical case) and therefore difficult to track.
The problems here are multiple:
Generally speaking, we can say this is a problem of impersonation or elevation of privileges (either because the attacker has no privilege at all or because it raises itself to...