1954 matches found
CVE-2023-26581
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27254
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26583
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27260
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27375
Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27255
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27254
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27262
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26582
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26568
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26569
Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26575
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers...
CVE-2023-26568
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Authentication flaw
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Authentication flaw
Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...