CNNVD-202511-165 Information

Nov 04, 2025 cve

CNNVD ID

CNNVD-202511-165

CVE-2025-41340

CNNVD Published: 2025-11-04

Description (Chinese)

CanalDenuncia App是西班牙CanalDenuncia公司的一个举报通道应用软件。 CanalDenuncia App存在安全漏洞，该漏洞源于缺少授权检查，攻击者可通过向/backend/api/buscarTipoDenunciabyId.php发送包含参数id_tp_denuncia和id_sociedad的POST请求访问其他用户信息。

Description (English)

CanalDenuncia App is a reporting channel application for the Spanish company CanalDenuncia. There is a security loophole in CanalDenuncia App, which stems from the lack of authorization to inspect, and the attackers can access other users’ information by sending POST requests containing parameters id tp denuncia and id social to /backend/api/buscarTipoDenunciabyId.php.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CanalDenuncia

Published

2025-11-04

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp

Patch

https://canaldenuncia.app/

Share on: