Lucene search
K
IdattendIdweb

30 matches found

CVE
CVE
added 2023/10/25 10:8 a.m.51 views

CVE-2023-27255

The CVE concerns IDAttend’s IDWeb application, affected in version 3.1.052 and earlier. The vulnerability is an unauthenticated SQL injection in the DeleteRoomChanges method, allowing an attacker to extract or modify all data without authentication. Multiple connected sources align on the core is...

9.8CVSS9.9AI score0.00759EPSS
CVE
CVE
added 2023/10/25 10:23 a.m.51 views

CVE-2023-27260

CVE-2023-27260 affects IDAttend’s IDWeb application (versions up to 3.1.052). The connected documents describe an unauthenticated SQL injection in the GetAssignmentsDue method, allowing extraction or modification of all data. The vulnerability is network-accessible with no privileges and no user ...

9.8CVSS9.9AI score0.00556EPSS
CVE
CVE
added 2023/10/25 9:46 a.m.49 views

CVE-2023-26579

CVE-2023-26579 affects IDAttend IDWeb application version 3.1.013. The vulnerability is lack of authentication in the DeleteStaff method, enabling unauthenticated attackers to delete staff information. Documented impact is deletion of staff data with network-level access and no privileges require...

5.3CVSS5.4AI score0.00526EPSS
CVE
CVE
added 2023/10/25 8:35 a.m.46 views

CVE-2023-26569

IDAttend IDWeb (versions 3.1.052 and earlier) is affected by an unauthenticated SQL injection in the StudentPopupDetails_Timetable method. The vulnerability allows an attacker to read and modify data without authentication. The reports consistently describe a high-severity impact with potential d...

9.8CVSS9.9AI score0.00759EPSS
CVE
CVE
added 2023/10/25 10:4 a.m.46 views

CVE-2023-27254

IDAttend IDWeb application, versions 3.1.052 and earlier, contains an unauthenticated SQL injection in the GetRoomChanges method. The vulnerability allows extraction or modification of all data by unauthenticated attackers. No exploitation details are provided in the documents beyond the descript...

9.8CVSS9.9AI score0.00759EPSS
CVE
CVE
added 2023/10/25 10:28 a.m.45 views

CVE-2023-1356

CVE-2023-1356 affects IDAttend IDWeb (versions 3.1.052 and earlier) with a reflected cross-site scripting vulnerability in the StudentSearch component. The root cause is reflected XSS that enables session hijacking when a user clicks a malicious link. Impact is session hijack capability; potentia...

7.5CVSS6.2AI score0.00444EPSS
CVE
CVE
added 2023/10/25 10:21 a.m.45 views

CVE-2023-27261

CVE-2023-27261 affects IDAttend’s IDWeb application, version 3.1.052 and earlier. The root cause is missing authentication in the DeleteAssignments method, enabling unauthenticated actors to delete data. Reported impact states data deletion possible without credentials; CVSS bases show Medium sev...

6.5CVSS5.8AI score0.00526EPSS
CVE
CVE
added 2023/10/25 10:18 a.m.45 views

CVE-2023-27375

The vulnerability CVE-2023-27375 affects the IDAttend IDWeb application (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_ContactDetails method, enabling unauthenticated attackers to extract sensitive student data. Impact is described as high conf...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 10:20 a.m.45 views

CVE-2023-27377

CVE-2023-27377 affects IDAttend’s IDWeb app (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_EmergencyContactDetails method, enabling unauthenticated attackers to exfiltrate sensitive student data over the network. The cvss 3.1 data indicates hig...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 9:43 a.m.44 views

CVE-2023-26578

CVE-2023-26578 affects IDAttend IDWeb 3.1.013. The vulnerability is an arbitrary file upload to the web root by authenticated users, enabling uploading of dangerous files (e.g., ASP/ASPX) and resulting in command execution on the server. Affected component: IDWeb application’s upload handling. Im...

8.8CVSS8.9AI score0.01463EPSS
CVE
CVE
added 2023/10/25 9:37 a.m.43 views

CVE-2023-26575

CVE-2023-26575 affects IDAttend’s IDWeb application, versions 3.1.052 and earlier. The vulnerability lies in the SearchStudentsStaff method, where missing authentication allows unauthenticated attackers to extract sensitive student and teacher data. CVSS 3.1 base score is 7.5 (HIGH) with NETWORK ...

7.5CVSS7.7AI score0.00702EPSS
CVE
CVE
added 2023/10/25 9:49 a.m.43 views

CVE-2023-26580

The vulnerability CVE-2023-26580 affects IDAttend’s IDWeb application 3.1.013, allowing unauthenticated arbitrary file read and access to files on the web server. Documented impact specifies unauthenticated access with high confidentiality impact (C: High, I: None, A: None) and network/low comple...

7.5CVSS7.6AI score0.00662EPSS
CVE
CVE
added 2023/10/25 10:0 a.m.43 views

CVE-2023-26581

The IDWeb application (IDWeb) used by IDAttend is affected: vulnerable in versions 3.1.052 and earlier, via an unauthenticated SQL injection in the GetVisitors method. Root cause is improper handling/exposure of data through GetVisitors, enabling attackers to extract or modify all data. Impact is...

9.8CVSS9.9AI score0.00556EPSS
CVE
CVE
added 2023/10/25 10:2 a.m.43 views

CVE-2023-26583

The CVE-2023-26583 entry concerns an unauthenticated SQL injection in the GetCurrentPeriod method of IDAttend’s IDWeb application (versions ≤ 3.1.052). The vulnerability allows an attacker to extract or modify all data without authentication, as described across multiple sources. The documents do...

9.8CVSS9.9AI score0.00556EPSS
CVE
CVE
added 2023/10/25 10:19 a.m.43 views

CVE-2023-27376

CVE-2023-27376 affects IDAttend IDWeb (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_StudentDetails method, enabling unauthenticated attackers to extract sensitive student data. Documents indicate the vulnerability exists in IDWeb v3.1.052 and ...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 10:2 a.m.42 views

CVE-2023-26584

CVE-2023-26584 concerns unauthenticated SQL injection in the GetStudentInconsistencies method of IDAttend’s IDWeb application (version 3.1.052 and earlier). The vulnerability can allow extraction or modification of all data by an unauthenticated attacker. Reported CVSS assessments indicate high i...

9.8CVSS9.9AI score0.00556EPSS
CVE
CVE
added 2023/10/25 10:16 a.m.42 views

CVE-2023-27258

CVE-2023-27258 affects the IDAttend IDWeb application, versions 3.1.052 and earlier. The root cause is a missing authentication check in the GetStudentGroupStudents method, allowing unauthenticated attackers to retrieve student and teacher data. Exploitation status is not specified in the provide...

7.5CVSS7.7AI score0.00508EPSS
CVE
CVE
added 2023/10/25 10:25 a.m.42 views

CVE-2023-27262

Vulnerability (CVE-2023-27262) : Unauthenticated SQL injection in the GetAssignmentsDue method of IDAttend’s IDWeb application (versions up to 3.1.052) allows unauthenticated attackers to read/modify data. Affects: IDWeb; root cause: improper SQL handling in GetAssignmentsDue. Impact: high confid...

9.8CVSS9.9AI score0.00759EPSS
CVE
CVE
added 2023/10/25 8:41 a.m.41 views

CVE-2023-26571

IDAttend IDWeb application, version 3.1.052 and earlier, exposes a missing authentication flaw in the SetStudentNotes method that allows unauthenticated attackers to modify student data (integrity impact). The issue is confirmed across multiple sources in Connected documents; the root cause is la...

7.5CVSS7.7AI score0.00603EPSS
CVE
CVE
added 2023/10/25 9:38 a.m.41 views

CVE-2023-26576

IDWeb application versions 3.1.052 and earlier suffer from missing authentication in the SearchStudentsRFID method, enabling unauthenticated attackers to extract sensitive student data. Root cause: inadequate access control on the SearchStudentsRFID endpoint. Impact: exposure of sensitive student...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 8:48 a.m.40 views

CVE-2023-26573

The CVE-2023-26573 entry concerns IDAttend IDWeb, affected in versions 3.1.052 and earlier. The underlying issue is missing authentication in the SetDB method, enabling either denial of service or theft of database login credentials. Reported impact is described in multiple sources without concre...

9.1CVSS8.5AI score0.00724EPSS
CVE
CVE
added 2023/10/25 9:40 a.m.40 views

CVE-2023-26577

CVE-2023-26577 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The issue is a stored cross-site scripting vulnerability that allows an attacker to hijack the browsing session of a logged-in user. Root cause: stored XSS in the IDWeb component. Impact is session hijacking as de...

7.5CVSS5.8AI score0.0042EPSS
CVE
CVE
added 2023/10/25 8:51 a.m.39 views

CVE-2023-26574

CVE-2023-26574 concerns the IDAttend IDWeb application (versions 3.1.052 and earlier). The root cause is a missing authentication check in the SearchStudents method, allowing unauthenticated attackers to extract sensitive student data. Impact, per sources, is elevated by the ability to access con...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 10:17 a.m.39 views

CVE-2023-27259

IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...

7.5CVSS7.7AI score0.00508EPSS
CVE
CVE
added 2023/10/25 8:38 a.m.38 views

CVE-2023-26570

CVE-2023-26570 affects IDAttend IDWeb, version 3.1.052 and earlier. A missing authentication in the StudentPopupDetails_Timetable method allows unauthenticated attackers to extract sensitive student data (confidentiality impact HIGH; CVSS 3.1 base 7.5). Remediation guidance across sources include...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 10:1 a.m.38 views

CVE-2023-26582

CVE-2023-26582 affects IDAttend’s IDWeb application. The issue is an unauthenticated SQL injection in the GetExcursionDetails method, enabling attackers to extract or modify data. Affected are IDWeb versions 3.1.052 and earlier. The vulnerability is described across multiple sources (e.g., NVD/Re...

9.8CVSS9.9AI score0.00556EPSS
CVE
CVE
added 2023/10/25 10:13 a.m.37 views

CVE-2023-27256

The CVE-2023-27256 issue affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The root cause is missing authentication in the GetLogFiles method, enabling unauthenticated retrieval of sensitive log files. Evidence in multiple sources confirms the affected software and the access c...

5.8CVSS5.6AI score0.00559EPSS
CVE
CVE
added 2023/10/25 8:44 a.m.36 views

CVE-2023-26572

CVE-2023-26572: Unauthenticated SQL injection in IDAttend IDWeb’s GetExcursionList method affects v3.1.052 and earlier. Exploitation by unauthenticated attackers can extract or modify all data via a network vector with low complexity, compromising confidentiality and integrity (C/H). No patch det...

9.8CVSS9.9AI score0.00759EPSS
CVE
CVE
added 2023/10/25 10:15 a.m.36 views

CVE-2023-27257

CVE-2023-27257 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The underlying issue is missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information via the affected endpoint (attack vector: network; impact: con...

7.5CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2023/10/25 8:34 a.m.35 views

CVE-2023-26568

CVE-2023-26568 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The vulnerability is an unauthenticated SQL injection in the GetStudentGroupStudents method, enabling an attacker to extract or modify data without credentials. The CVSS metrics indicate high confidentiality and i...

9.8CVSS9.9AI score0.00759EPSS