CNNVD-202511-159 Information

Nov 04, 2025 cve

CNNVD ID

CNNVD-202511-159

CVE-2025-41345

CNNVD Published: 2025-11-04

Description (Chinese)

CanalDenuncia App是西班牙CanalDenuncia公司的一个举报通道应用软件。 CanalDenuncia App存在安全漏洞，该漏洞源于缺少授权检查，攻击者可通过向/backend/api/buscarDenunciasById.php发送包含参数id_denuncia和id_user的POST请求访问其他用户信息。

Description (English)

CanalDenuncia App is a reporting channel application for the Spanish company CanalDenuncia. There is a security loophole in CanalDenuncia App, which stems from a lack of authorization to check and the attackers can access other user information by sending POST requests containing parameters id denuncia and id user to/backend/api/buscarDenunciasById.php.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CanalDenuncia

Published

2025-11-04

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp

Patch

https://canaldenuncia.app/

Share on: