CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

OSV•added 2023/10/25 6:17 p.m.•0 views

CVE-2023-27262

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.1CVSS5.8AI score0.00153EPSS

Exploits0References1

OSV•added 2023/10/25 6:17 p.m.•0 views

CVE-2023-27259

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

7.5CVSS5.8AI score0.00357EPSS

Exploits0References1

NVD•added 2023/10/25 6:17 p.m.•12 views

CVE-2023-27259

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

7.5CVSS7.7AI score0.00357EPSS

Exploits0References1

Prion•added 2023/10/25 6:17 p.m.•9 views

Authentication flaw

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

5CVSS7.7AI score0.00357EPSS

Exploits0References1Affected Software1

CVE•added 2023/10/25 10:25 a.m.•35 views

CVE-2023-27262

Vulnerability (CVE-2023-27262) : Unauthenticated SQL injection in the GetAssignmentsDue method of IDAttend’s IDWeb application (versions up to 3.1.052) allows unauthenticated attackers to read/modify data. Affects: IDWeb; root cause: improper SQL handling in GetAssignmentsDue. Impact: high confid...

9.8CVSS9.9AI score0.00153EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/10/25 10:25 a.m.•11 views

CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.4AI score0.00153EPSS

Exploits0References1

CVE•added 2023/10/25 10:23 a.m.•40 views

CVE-2023-27260

CVE-2023-27260 affects IDAttend’s IDWeb application (versions up to 3.1.052). The connected documents describe an unauthenticated SQL injection in the GetAssignmentsDue method, allowing extraction or modification of all data. The vulnerability is network-accessible with no privileges and no user ...

9.8CVSS9.9AI score0.00153EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/10/25 10:17 a.m.•11 views

CVE-2023-27259 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

7.5CVSS7.9AI score0.00357EPSS

Exploits0References1

CVE•added 2023/10/25 10:17 a.m.•30 views

CVE-2023-27259

IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...

7.5CVSS7.7AI score0.00357EPSS

Exploits0References1Affected Software1

CNNVD•added 2023/10/25 12:0 a.m.•2 views

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the GetAssignmentsDue method...

7.5CVSS7AI score0.00357EPSS

Exploits0References2

CNNVD•added 2023/10/25 12:0 a.m.•2 views

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetAssignmentsDue method...

9.8CVSS8AI score0.00153EPSS

Exploits0References2

Positive Technologies•added 2023/10/25 12:0 a.m.•2 views

PT-2023-21038 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetAssignmentsDue method, allowing unauthenticated attackers to extract sensitive student and teacher data. Recommendations: For...

7.5CVSS7.4AI score0.00357EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by