CVE-2025-41345

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app (affected versions not specified)

Description A missing authorization issue exists in CanalDenuncia.app that allows an attacker to access other users' information. This is achieved by sending a POST request through the parameters id denuncia and id user in the API endpoint '/backend/api/buscarDenunciasById.php'.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.