Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Sep 11, 2024

Unauthenticated SQL Injection In IDAttend’s IDWeb Application

CVE-2023-27254

Description

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated SQL injection in IDAttend's IDWeb GetRoomChanges method allows full data extraction or modification by unauthenticated attackers.

Vulnerability

An unauthenticated SQL injection vulnerability exists in the GetRoomChanges method of IDAttend's IDWeb application. Versions 3.1.052 and earlier are affected; the issue was discovered in version 3.1.013 [1]. The endpoint does not require authentication, so it can be exploited remotely.

Exploitation

An attacker can exploit this vulnerability by sending crafted HTTP requests to the GetRoomChanges endpoint without any prior authentication. Because input is not sanitized, attacker-supplied SQL is injected into the query and executed against the database.

Impact

Successful exploitation permits the attacker to extract or modify all data stored in the database. This includes sensitive information, leading to a complete compromise of confidentiality, integrity, and availability of the application's data.

Mitigation

The vulnerability is fixed in IDWeb version 3.1.053 [1]. All users should update to this version or later. No workarounds are documented; upgrading is the only recommended action.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IDAttend/IDWeb (llm-fuzzy)
    Range: <=3.1.052
  • IDAttend Pty Ltd/IDWeb (v5)
    Range: 0

Patches

0

No patches discovered yet.

References

1
