Authorization Bypass Vulnerability in CanalDenuncia.app
CVE-2025-41342
8.7 HIGH
What is CVE-2025-41342?
An authorization bypass vulnerability exists in the CanalDenuncia.app API endpoint '/backend/api/buscarUsuarioId.php'. By manipulating the 'id_user' parameter in a POST request, an attacker can gain unauthorized access to sensitive information belonging to other users. This poses a significant risk to user privacy and data integrity, and highlights the need for stringent access control measures in application design.
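The following sketch shows the kind of object-level authorization check that prevents a client-supplied 'id_user' from selecting another user's record. It is an added example, not CanalDenuncia.app's code or the vendor's fix; the function name `lookupUserById`, the `user_id` session key, the admin role and the sample records are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample records standing in for the user table (not real data).
function sampleUsers(): array
{
    return [
        1  => ['id' => 1,  'email' => 'admin@example.test', 'role' => 'admin'],
        7  => ['id' => 7,  'email' => 'ana@example.test',   'role' => 'user'],
        12 => ['id' => 12, 'email' => 'luis@example.test',  'role' => 'user'],
    ];
}

// Hypothetical handler: $session models $_SESSION, $post models $_POST.
// Returns [HTTP status, response body].
function lookupUserById(array $session, array $post): array
{
    $users = sampleUsers();

    // 1. The caller's identity comes from the server-side session only.
    if (!isset($session['user_id'], $users[$session['user_id']])) {
        return [401, ['error' => 'authentication required']];
    }
    $caller = $users[$session['user_id']];

    // 2. Accept 'id_user' only as a positive integer; arrays and
    //    non-numeric strings fail validation.
    $requested = filter_var($post['id_user'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($requested === false) {
        return [400, ['error' => 'invalid id_user']];
    }

    // 3. Object-level check: the requested id must be the caller's own,
    //    unless the caller has the (assumed) admin role. Answering 404 for
    //    both "not yours" and "no such user" avoids confirming valid ids.
    $allowed = $requested === $caller['id'] || $caller['role'] === 'admin';
    if (!$allowed || !isset($users[$requested])) {
        return [404, ['error' => 'not found']];
    }
    return [200, $users[$requested]];
}

// Constructed requests, all sent with user 7's session.
foreach (['7', '12', '12 OR 1=1'] as $id) {
    [$status] = lookupUserById(['user_id' => 7], ['id_user' => $id]);
    printf("id_user=%s -> HTTP %d\n", $id, $status);
}
```

Logging each rejected request in step 3 together with the session's user id gives defenders a signal for accounts that iterate over other users' ids.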
Affected Version(s)
CanalDenuncia.app 0 < 4.4.8
