CVE Catalog

CVE-2026-13549

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A security flaw in CodeAstro Complaint Management System 1.0 allows remote authorization bypass via the deletereport function in Report.php. The exploit is publicly available.

Risk Assessment

An attacker can remotely delete reports without proper authorization, leading to data integrity loss and potential confidentiality breaches.

Recommendation

Apply the vendor's patch immediately or temporarily disable the report endpoint until an update is deployed.

Original NVD description (English source)

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS