| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-10-25 | CVE-2023-26577 | Cross-site Scripting vulnerability in Idattend Idweb 3.1.013/3.1.052 | Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user. | network | low complexity | idattend | CWE-79 | | 5.4 |
| 2023-10-25 | CVE-2023-26580 | Files or Directories Accessible to External Parties vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated arbitrary file read in IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | network | low complexity | idattend | CWE-552 | | 7.5 |
| 2023-10-25 | CVE-2023-26581 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-26582 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-26583 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-26584 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-27254 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-27255 | SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052 | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | network | low complexity | idattend | CWE-89 | critical | 9.1 |
| 2023-10-25 | CVE-2023-27256 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | network | low complexity | idattend | CWE-306 | | 5.3 |
| 2023-10-25 | CVE-2023-27257 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | network | low complexity | idattend | CWE-306 | | 7.5 |