Vulnerabilities > Idattend > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-26568 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26569 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26572 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26573 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
network
low complexity
idattend CWE-306
critical
 9.1
9.1
2023-10-25 CVE-2023-26581 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26582 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26583 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-26584 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-27254 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1
2023-10-25 CVE-2023-27255 SQL Injection vulnerability in Idattend Idweb 3.1.013/3.1.052
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
 9.1
9.1