Vulnerabilities > Idattend

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-27256 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
network
low complexity
idattend CWE-306
5.3
2023-10-25 CVE-2023-27257 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27258 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27259 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27260 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-27261 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
network
low complexity
idattend CWE-306
6.5
2023-10-25 CVE-2023-27262 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-27375 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27376 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-27377 Improper Authentication vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-287
7.5