Vulnerabilities > Idattend
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-27256 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.3 |
| 2023-10-25 | CVE-2023-27257 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27258 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27259 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27260 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-27261 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 |
| 2023-10-25 | CVE-2023-27262 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-27375 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27376 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |
| 2023-10-25 | CVE-2023-27377 | Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 |