VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Sep 17, 2024

Unauthenticated SQL Injection In IDAttend’s IDWeb Application

CVE-2023-27260

Description

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated SQL injection in IDAttend's IDWeb application allows attackers to extract or modify all data via the GetAssignmentsDue method.

Vulnerability

An unauthenticated SQL injection vulnerability exists in the GetAssignmentsDue method of IDAttend's IDWeb application versions 3.1.052 and earlier [1]. The vulnerability allows an attacker to inject arbitrary SQL queries without requiring any authentication or prior access.

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the GetAssignmentsDue endpoint with malicious SQL payloads in the input parameters [1]. No authentication or user interaction is required, making the attack straightforward for any remote attacker.

Impact

Successful exploitation enables an unauthenticated attacker to extract or modify all data stored in the application's database [1]. This includes sensitive information and could lead to complete compromise of the application's data integrity and confidentiality.

Mitigation

The vulnerability is fixed in IDWeb version 3.1.053 [1]. Users should upgrade to this version or later immediately. No workarounds are documented in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IDAttend/IDWeb llm-fuzzy
    Range: <=3.1.052
  • IDAttend Pty Ltd/IDWeb v5
    Range: 0

Patches

0

No patches discovered yet.


References

1
