CNNVD-202511-163 Information
Nov 04, 2025
cve
CNNVD ID
CNNVD-202511-163
Related CVE
- CNNVD Published: 2025-11-04
Description (Chinese)
CanalDenuncia App是西班牙CanalDenuncia公司的一个举报通道应用软件。 CanalDenuncia App存在安全漏洞,该漏洞源于缺少授权检查,攻击者可通过向文件/backend/api/buscarUsuarioId.php中的参数id_user发送POST请求访问其他用户信息。
Description (English)
CanalDenuncia App is a reporting channel application for the Spanish company CanalDenuncia. There is a security loophole in CanalDenuncia App, which stems from a lack of authorization to inspect, and the attackers can send POST requests for access to other users by sending id user to the parameter id user in document/backend/api/buscarUsuarioId.php.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
CanalDenuncia
Published
2025-11-04
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp