30 matches found
CVE-2023-27255
The CVE concerns IDAttend’s IDWeb application, affected in version 3.1.052 and earlier. The vulnerability is an unauthenticated SQL injection in the DeleteRoomChanges method, allowing an attacker to extract or modify all data without authentication. Multiple connected sources align on the core is...
CVE-2023-27260
CVE-2023-27260 affects IDAttend’s IDWeb application (versions up to 3.1.052). The connected documents describe an unauthenticated SQL injection in the GetAssignmentsDue method, allowing extraction or modification of all data. The vulnerability is network-accessible with no privileges and no user ...
CVE-2023-26579
CVE-2023-26579 affects IDAttend IDWeb application version 3.1.013. The vulnerability is lack of authentication in the DeleteStaff method, enabling unauthenticated attackers to delete staff information. Documented impact is deletion of staff data with network-level access and no privileges require...
CVE-2023-26569
IDAttend IDWeb (versions 3.1.052 and earlier) is affected by an unauthenticated SQL injection in the StudentPopupDetails_Timetable method. The vulnerability allows an attacker to read and modify data without authentication. The reports consistently describe a high-severity impact with potential d...
CVE-2023-27254
IDAttend IDWeb application, versions 3.1.052 and earlier, contains an unauthenticated SQL injection in the GetRoomChanges method. The vulnerability allows extraction or modification of all data by unauthenticated attackers. No exploitation details are provided in the documents beyond the descript...
CVE-2023-1356
CVE-2023-1356 affects IDAttend IDWeb (versions 3.1.052 and earlier) with a reflected cross-site scripting vulnerability in the StudentSearch component. The root cause is reflected XSS that enables session hijacking when a user clicks a malicious link. Impact is session hijack capability; potentia...
CVE-2023-27261
CVE-2023-27261 affects IDAttend’s IDWeb application, version 3.1.052 and earlier. The root cause is missing authentication in the DeleteAssignments method, enabling unauthenticated actors to delete data. Reported impact states data deletion possible without credentials; CVSS bases show Medium sev...
CVE-2023-27375
The vulnerability CVE-2023-27375 affects the IDAttend IDWeb application (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_ContactDetails method, enabling unauthenticated attackers to extract sensitive student data. Impact is described as high conf...
CVE-2023-27377
CVE-2023-27377 affects IDAttend’s IDWeb app (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_EmergencyContactDetails method, enabling unauthenticated attackers to exfiltrate sensitive student data over the network. The cvss 3.1 data indicates hig...
CVE-2023-26578
CVE-2023-26578 affects IDAttend IDWeb 3.1.013. The vulnerability is an arbitrary file upload to the web root by authenticated users, enabling uploading of dangerous files (e.g., ASP/ASPX) and resulting in command execution on the server. Affected component: IDWeb application’s upload handling. Im...
CVE-2023-26575
CVE-2023-26575 affects IDAttend’s IDWeb application, versions 3.1.052 and earlier. The vulnerability lies in the SearchStudentsStaff method, where missing authentication allows unauthenticated attackers to extract sensitive student and teacher data. CVSS 3.1 base score is 7.5 (HIGH) with NETWORK ...
CVE-2023-26580
The vulnerability CVE-2023-26580 affects IDAttend’s IDWeb application 3.1.013, allowing unauthenticated arbitrary file read and access to files on the web server. Documented impact specifies unauthenticated access with high confidentiality impact (C: High, I: None, A: None) and network/low comple...
CVE-2023-26581
The IDWeb application (IDWeb) used by IDAttend is affected: vulnerable in versions 3.1.052 and earlier, via an unauthenticated SQL injection in the GetVisitors method. Root cause is improper handling/exposure of data through GetVisitors, enabling attackers to extract or modify all data. Impact is...
CVE-2023-26583
The CVE-2023-26583 entry concerns an unauthenticated SQL injection in the GetCurrentPeriod method of IDAttend’s IDWeb application (versions ≤ 3.1.052). The vulnerability allows an attacker to extract or modify all data without authentication, as described across multiple sources. The documents do...
CVE-2023-27376
CVE-2023-27376 affects IDAttend IDWeb (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_StudentDetails method, enabling unauthenticated attackers to extract sensitive student data. Documents indicate the vulnerability exists in IDWeb v3.1.052 and ...
CVE-2023-26584
CVE-2023-26584 concerns unauthenticated SQL injection in the GetStudentInconsistencies method of IDAttend’s IDWeb application (version 3.1.052 and earlier). The vulnerability can allow extraction or modification of all data by an unauthenticated attacker. Reported CVSS assessments indicate high i...
CVE-2023-27258
CVE-2023-27258 affects the IDAttend IDWeb application, versions 3.1.052 and earlier. The root cause is a missing authentication check in the GetStudentGroupStudents method, allowing unauthenticated attackers to retrieve student and teacher data. Exploitation status is not specified in the provide...
CVE-2023-27262
Vulnerability (CVE-2023-27262) : Unauthenticated SQL injection in the GetAssignmentsDue method of IDAttend’s IDWeb application (versions up to 3.1.052) allows unauthenticated attackers to read/modify data. Affects: IDWeb; root cause: improper SQL handling in GetAssignmentsDue. Impact: high confid...
CVE-2023-26576
IDWeb application versions 3.1.052 and earlier suffer from missing authentication in the SearchStudentsRFID method, enabling unauthenticated attackers to extract sensitive student data. Root cause: inadequate access control on the SearchStudentsRFID endpoint. Impact: exposure of sensitive student...
CVE-2023-26571
IDAttend IDWeb application, version 3.1.052 and earlier, exposes a missing authentication flaw in the SetStudentNotes method that allows unauthenticated attackers to modify student data (integrity impact). The issue is confirmed across multiple sources in Connected documents; the root cause is la...
CVE-2023-26573
The CVE-2023-26573 entry concerns IDAttend IDWeb, affected in versions 3.1.052 and earlier. The underlying issue is missing authentication in the SetDB method, enabling either denial of service or theft of database login credentials. Reported impact is described in multiple sources without concre...
CVE-2023-26577
CVE-2023-26577 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The issue is a stored cross-site scripting vulnerability that allows an attacker to hijack the browsing session of a logged-in user. Root cause: stored XSS in the IDWeb component. Impact is session hijacking as de...
CVE-2023-26574
CVE-2023-26574 concerns the IDAttend IDWeb application (versions 3.1.052 and earlier). The root cause is a missing authentication check in the SearchStudents method, allowing unauthenticated attackers to extract sensitive student data. Impact, per sources, is elevated by the ability to access con...
CVE-2023-27259
IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...
CVE-2023-26570
CVE-2023-26570 affects IDAttend IDWeb, version 3.1.052 and earlier. A missing authentication in the StudentPopupDetails_Timetable method allows unauthenticated attackers to extract sensitive student data (confidentiality impact HIGH; CVSS 3.1 base 7.5). Remediation guidance across sources include...
CVE-2023-26582
CVE-2023-26582 affects IDAttend’s IDWeb application. The issue is an unauthenticated SQL injection in the GetExcursionDetails method, enabling attackers to extract or modify data. Affected are IDWeb versions 3.1.052 and earlier. The vulnerability is described across multiple sources (e.g., NVD/Re...
CVE-2023-27256
The CVE-2023-27256 issue affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The root cause is missing authentication in the GetLogFiles method, enabling unauthenticated retrieval of sensitive log files. Evidence in multiple sources confirms the affected software and the access c...
CVE-2023-26572
CVE-2023-26572: Unauthenticated SQL injection in IDAttend IDWeb’s GetExcursionList method affects v3.1.052 and earlier. Exploitation by unauthenticated attackers can extract or modify all data via a network vector with low complexity, compromising confidentiality and integrity (C/H). No patch det...
CVE-2023-27257
CVE-2023-27257 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The underlying issue is missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information via the affected endpoint (attack vector: network; impact: con...
CVE-2023-26568
CVE-2023-26568 affects IDAttend’s IDWeb application (versions 3.1.052 and earlier). The vulnerability is an unauthenticated SQL injection in the GetStudentGroupStudents method, enabling an attacker to extract or modify data without credentials. The CVSS metrics indicate high confidentiality and i...