When conducting a security assessment of a web application, you discover that the application fails to properly restrict URL access to a function that should only be accessible to users with administrative privileges. Through this functionality, non-admin users can perform sensitive operations which poses a significant security risk. Based on the OWASP Top 10 list, which vulnerability category does this scenario BEST align with?
A04:2021-Insecure Direct Object References (IDOR)
A03:2021-Injection
A10:2021-Insufficient Logging & Monitoring
A01:2021-Broken Access Control