IDOR is a vulnerability that falls under Broken Access Control. It means that an attacker can access information or perform actions not intended for them.
An application using a user-supplied input to retrieve objects (files, data, documents) and they are numbered sequentially (i.e. the pattern is easy to figure out).