Due to lack of proper authorization checks on the phpfile parameter within the application code, we are able to view a privileged file on the system. Developers and system administrators provide access controls and checks prior to the revealing of sensitive files and resources. When these access controls are missing, IDOR vulnerabilities may be present.