The basic idea about why application-logic vulnerabilities happen is that the developers are following a specific paradigm when creating an application—and I am not talking about technology paradigms, I am saying that they are thinking in a specific way.
This means they take decisions in the code, and after processing them, they have a result. When they do that, they think about just the possible options they have from design. But, what happens if an external person, with different ideas, and outside of the paradigm, has other options? See the following diagram:
Due to this, different options were not thought of by the developers—it is an unexpected option, and it results in an error. Sometimes, these errors could crash the application, but in some cases, it could lead to a vulnerability.