Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Description
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in IDAttend IDWeb's GetExcursionDetails method allows full data extraction or modification.
Vulnerability
An unauthenticated SQL injection vulnerability exists in the GetExcursionDetails method of IDAttend's IDWeb application. Affected versions are 3.1.052 and earlier; the issue was discovered in version 3.1.013 [1]. The vulnerability allows an attacker to inject arbitrary SQL queries without requiring authentication.
Exploitation
An attacker needs network access to the IDWeb application. No authentication is required. The attacker can send crafted input to the GetExcursionDetails endpoint, injecting SQL commands. The exact exploitation steps are not detailed in the available reference, but standard SQL injection techniques apply.
Impact
Successful exploitation enables extraction or modification of all data in the database. This includes sensitive information, and the attacker can potentially alter or delete data. The result is a high-impact compromise of both confidentiality and integrity.
Mitigation
The vulnerability is fixed in version 3.1.053 [1]. Users should upgrade to this version or later. No workarounds are mentioned in the reference. The application is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IDAttend Pty Ltd/IDWeb, v5, Range: 0