Curious captives

Weak isolation on dual-use endpoint



This application makes a flawed assumption about the user's privilege level based on their input. As a result, it is possible to exploit the logic of its account management features to gain access to arbitrary users' accounts.
