216.73.217.64

CVE-2025-41342

· Published 04/11/2025 14:15 · Modified 05/11/2025 17:03

Labels: CVE-2025-41342 2025-11-04CVE-2025-41342CWE-862[email protected]

Essential information

Published
04/11/2025 14:15
Modified
05/11/2025 17:03
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
canaldenuncia / canaldenuncia.app cpe:2.3:a:canaldenuncia:canaldenuncia.app:*:*:*:*:*:*:*:*

References