During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting