exploitDog

GHSA-4288-2xw7-pwj3

Опубликовано: 04 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.

Ссылки

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2025-41335

CVSS3: 7.5

nvd

3 месяца назад

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-862