VYPR

CanalDenuncia.app

by INCIBE

CVEs (6)

  • CVE-2025-41343HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.

  • CVE-2025-41337HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

  • CVE-2025-41336HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.

  • CVE-2025-41114HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.

  • CVE-2025-41113HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.

  • CVE-2025-41112HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.