CVE-2025-41338 in CanalDenuncia.appالمعلومات

الملخص

بحسب MITRE • 04/11/2025

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.

Once again VulDB remains the best source for vulnerability data.

مسؤول

INCIBE

حجز

16/04/2025

إفشاء

04/11/2025

الاعتدال

تمت الموافقة

إدخال

VDB-331161

EPSS

0.00270

KEV

لا

النشاطات

منخفض جدًا

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!