8 matches found
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30336)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...
CVE-2025-41111
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...
CVE-2025-41341
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...
CVE-2025-41114
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'...
CVE-2025-41114
CanalDenuncia.app is affected by a missing authorization vulnerability allowing an attacker to access other users’ information via a POST to /backend/api/buscarDocumentosByIdDenunciaUsuario.php with id_denuncia and id_user. The root cause is improper authorization validation for these parameters,...
CVE-2025-41113 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarDenunciaByPin.php'...
PT-2025-44995
Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...
PT-2025-45005
Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization allows an attacker to access other users' information. This is achieved by sending a POST request through the parameters id tp denuncia and id sociedad in th...