Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Description
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in IDAttend's IDWeb GetVisitors method allows extraction or modification of all data.
Vulnerability
An unauthenticated SQL injection vulnerability exists in the GetVisitors method of IDAttend's IDWeb application, versions 3.1.052 and earlier (version 3.1.013 was specifically tested). The flaw allows an attacker to inject arbitrary SQL commands through an unsanitized input parameter, affecting all data accessible to the application's database connection.
Exploitation
No authentication is required. The attacker simply sends a crafted HTTP request to the endpoint that invokes the GetVisitors method, injecting SQL payloads via the vulnerable parameter. No prior access or user interaction is needed; the attack can be performed over the network.
Impact
Successful exploitation enables unauthenticated attackers to extract, modify, or delete any data within the underlying database, compromising confidentiality, integrity, and availability of the application's data.
Mitigation
IDAttend has fixed the vulnerability in version 3.1.053 [1]. Organizations should upgrade to version 3.1.053 or later immediately. There is no known workaround aside from applying the patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 - IDAttend Pty Ltd/IDWeb v5 Range: 0