2 matches found
CVE-2025-41344 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'idarchivo' in '/backend/api/verArchivo.php'...
CVE-2025-41344
CVE-2025-41344 affects CanalDenuncia.app. The issue is a lack of authorization in the /backend/api/verArchivo.php endpoint, where a POST containing id_archivo can disclose other users’ information. Affected component: CanalDenuncia.app; vulnerable operation: POST to verArchivo.php with id_archivo...