CVE-2025-41341

CVE-2025-41341 involves a missing authorization vulnerability in CanalDenuncia.app. An attacker can access other users’ information by issuing a POST to /backend/api/buscarUsuarioByDenuncia.php with the parameters id_denuncia and seguro . Affected software is CanalDenuncia.app; the vulnerability’...

CVE-2025-41114 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'...

CVE-2025-41113

CVE-2025-41113 affects CanalDenuncia.app due to a missing authorization check. An attacker can access other users’ data by sending a POST to /backend/api/buscarDenunciaByPin.php with the id_denuncia parameter. Root cause: lack of authorization. Impact: confidentiality exposure (HIGH). Exploitatio...

CVE-2025-41111 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...