Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26579 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 5.3 MEDIUM |
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | |||||
CVE-2023-26572 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 6.5 MEDIUM |
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
CVE-2023-26581 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 7.5 HIGH |
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
CVE-2023-26580 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 7.5 HIGH |
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
CVE-2023-26568 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-02-28 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. |