Vulnerabilities > Idattend

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-27256 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
network
low complexity
idattend CWE-306
5.3
2023-10-25 CVE-2023-27257 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27258 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27259 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27260 SQL Injection vulnerability in Idattend Idweb
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-27261 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
network
low complexity
idattend CWE-306
6.5
2023-10-25 CVE-2023-27262 SQL Injection vulnerability in Idattend Idweb
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-27375 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27376 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27377 Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-287
7.5