Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Description
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in IDAttend IDWeb application allows attackers to extract or modify all data.
Vulnerability
The GetStudentInconsistencies method in IDAttend's IDWeb application versions 3.1.052 and earlier is vulnerable to unauthenticated SQL injection [1]. The vulnerability allows attackers to execute arbitrary SQL queries without authentication.
Exploitation
An unauthenticated attacker can send crafted HTTP requests to the GetStudentInconsistencies endpoint [1]. No authentication or special privileges are required. The attacker can manipulate SQL queries to extract or modify data.
Impact
Successful exploitation allows extraction or modification of all data in the application's database [1]. This includes sensitive information such as student records, and can lead to full compromise of data confidentiality and integrity.
Mitigation
The vulnerability is fixed in version 3.1.053 [1]. Users should upgrade to this version or later. There is no known workaround.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IDAttend Pty Ltd/IDWeb v5 Range: 0
References