CVE-2026-13549
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A security flaw in CodeAstro Complaint Management System 1.0 allows remote authorization bypass via the deletereport function in Report.php. The exploit is publicly available.
Risk Assessment
An attacker can remotely delete reports without proper authorization, leading to data integrity loss and potential confidentiality breaches.
Recommendation
Apply the vendor's patch immediately or temporarily disable the report endpoint until an update is deployed.
Original NVD description (English source)
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

