216.73.217.139

CVE-2025-41112

· Published 04/11/2025 13:15 · Modified 05/11/2025 17:06

Labels: CVE-2025-41112 2025-11-04CVE-2025-41112CWE-862[email protected]

Essential information

Published
04/11/2025 13:15
Modified
05/11/2025 17:06
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
canaldenuncia / canaldenuncia.app cpe:2.3:a:canaldenuncia:canaldenuncia.app:*:*:*:*:*:*:*:*

References