MidnightBSD

Advisories for canaldenuncia

CVE-2025-41111

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarComentariosByDenuncia.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41112

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41113

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41114

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41335

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41336

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41337

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41338

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41339

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41340

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41341

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41342

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41343

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41344

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *
CVE-2025-41345

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.

Products Affected

Vendor Product Version
canaldenuncia canaldenuncia.app *