CVE-2026-13549

MEDIUM

CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization

Title source: cna
STIX 2.1

Description

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

References (6)

Core 6
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-374557 | CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization
https://vuldb.com/vuln/374557
Signature, Permissions Required signature permissions-required
VDB-374557 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/374557/cti
Third Party Advisory third-party-advisory
CVE-2026-13549 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13549
Third Party Advisory third-party-advisory
Submit #843260 | CodeAstro Complaint Management System v1.0 Insecure Direct Object Reference (IDOR)
https://vuldb.com/submit/843260
Product product
https://codeastro.com/

Scores

CVSS v3 5.4
EPSS 0.0029
EPSS Percentile 21.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-285 CWE-639
Status published
Products (1)
CodeAstro/Complaint Management System 1.0
Published Jun 29, 2026
Tracked Since Jun 29, 2026