1954 matches found
Authentication flaw
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Sql injection
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Authentication flaw
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...
CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27260 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27376
CVE-2023-27376 affects IDAttend IDWeb (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_StudentDetails method, enabling unauthenticated attackers to extract sensitive student data. Documents indicate the vulnerability exists in IDWeb v3.1.052 and ...
CVE-2023-27259
IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...
CVE-2023-27259 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...
CVE-2023-27255 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27255 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584
CVE-2023-26584 concerns unauthenticated SQL injection in the GetStudentInconsistencies method of IDAttend’s IDWeb application (version 3.1.052 and earlier). The vulnerability can allow extraction or modification of all data by an unauthenticated attacker. Reported CVSS assessments indicate high i...
CVE-2023-26583 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26581 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26575
CVE-2023-26575 affects IDAttend’s IDWeb application, versions 3.1.052 and earlier. The vulnerability lies in the SearchStudentsStaff method, where missing authentication allows unauthenticated attackers to extract sensitive student and teacher data. CVSS 3.1 base score is 7.5 (HIGH) with NETWORK ...
CVE-2023-26570
CVE-2023-26570 affects IDAttend IDWeb, version 3.1.052 and earlier. A missing authentication in the StudentPopupDetails_Timetable method allows unauthenticated attackers to extract sensitive student data (confidentiality impact HIGH; CVSS 3.1 base 7.5). Remediation guidance across sources include...