Missing Authentication In IDAttend’s IDWeb Application
Description
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authentication in IDAttend's IDWeb SearchStudentsStaff method allows unauthenticated attackers to extract sensitive student and teacher data.
Vulnerability
The SearchStudentsStaff method in IDAttend's IDWeb application versions 3.1.052 and earlier lacks authentication checks. This allows any unauthenticated user to invoke the method and retrieve sensitive data. The vulnerability was discovered in version 3.1.013 [1].
Exploitation
An attacker with network access to the IDWeb application can directly call the SearchStudentsStaff endpoint without any authentication or prior interaction. No special privileges or user interaction are required.
Impact
Successful exploitation enables an unauthenticated attacker to extract sensitive personally identifiable information (PII) of students and teachers, including names, contact details, and other confidential records.
Mitigation
The issue is fixed in IDWeb version 3.1.053 [1]. Organizations using affected versions should upgrade immediately. No workarounds have been disclosed.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- IDAttend Pty Ltd/IDWebv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.