VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Sep 11, 2024

Unauthenticated SQL Injection In IDAttend’s IDWeb Application

CVE-2023-26568

Description

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated SQL injection in IDAttend IDWeb's GetStudentGroupStudents method allows full data extraction or modification.

Vulnerability

An unauthenticated SQL injection vulnerability exists in the GetStudentGroupStudents method of IDAttend's IDWeb application. Versions 3.1.052 and earlier are affected; the issue was discovered in version 3.1.013 [1]. The method does not properly sanitize user-supplied input, allowing an attacker to inject arbitrary SQL commands without any authentication.

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint. No prior authentication or user interaction is required. The attacker simply needs network access to the IDWeb application. By injecting SQL commands into the GetStudentGroupStudents method parameters, the attacker can execute arbitrary SQL queries against the backend database.

Impact

Successful exploitation allows an unauthenticated attacker to extract or modify all data stored in the database. This includes sensitive information such as student records, credentials, and other application data. The attacker gains full read and write access to the database, leading to complete compromise of data confidentiality, integrity, and availability.

Mitigation

The vulnerability is fixed in IDWeb version 3.1.053 [1]. Organizations using affected versions should upgrade immediately. No workarounds are documented in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IDAttend/IDWeb (llm-fuzzy)
    Range: <=3.1.052
  • IDAttend Pty Ltd/IDWeb (v5)
    Range: 0

Patches

0

No patches discovered yet.

References

1
