CanalDenuncia.app Lack of Authorization Vulnerability in User Information Access
Vulnerability
A lack of authorization vulnerability exists in CanalDenuncia.app versions prior to 4.4.8. This vulnerability allows attackers to access information of other users by sending a POST request with the 'email' parameter to '/backend/api/users/searchUserByEmail.php'.
Impact
Exploitation of this vulnerability allows unauthorized access to other users' information.
Remediation
Users can update to CanalDenuncia.app version 4.4.8 to address this vulnerability.
Added: Nov 4, 2025, 2:19 PM
Updated: Nov 4, 2025, 3:44 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
7.4remediation
7.7relevance
0.9threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.