exploitDog

GHSA-xr9h-fv82-7r7g

Опубликовано: 04 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

Ссылки

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2025-41337

CVSS3: 7.5

nvd

3 месяца назад

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-862