Vulnerabilities > Idattend > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-26568 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26569 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26572 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26573 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | 9.1 |
| 2023-10-25 | CVE-2023-26581 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26582 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26583 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-26584 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-27254 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |
| 2023-10-25 | CVE-2023-27255 | SQL Injection vulnerability in Idattend Idweb Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.1 |