Anybody test this before?
when you login to your system as normal user and try editing your own account,
eg. http : / / <<<yourdomain.com / usersedit.php ?_userid=200
then you change the 200 to any number, example 1
http : / / <<<yourdomain.com>>> / usersedit.php ?_userid=1
You're able to view and/or modify the contain even you don't have the rights.
Is this dangerous? or how to prevent this?