There are several application issues associated with the privilege escalation attack shown in this recipe. Any actions related to account provisioning (that is, role assignments) should only be allowed by administrators. Without proper checks in place, users can attempt to escalate their provisioned roles. Another issue exemplified in this recipe is the sequential user ID number (for example, uid=3). Since this number is easily guessable and because most applications start with administrator accounts, changing the digit from 3 to 1 seemed a probable guess for association with the admin account.