2 matches found
CVE-2025-41341
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...
CVE-2025-41113
CVE-2025-41113 affects CanalDenuncia.app due to a missing authorization check. An attacker can access other users’ data by sending a POST to /backend/api/buscarDenunciaByPin.php with the id_denuncia parameter. Root cause: lack of authorization. Impact: confidentiality exposure (HIGH). Exploitatio...