Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Description
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated SQL injection in IDAttend's IDWeb application allows full data extraction or modification.
Vulnerability
An unauthenticated SQL injection vulnerability exists in the GetAssignmentsDue method of IDAttend's IDWeb application version 3.1.052 and earlier [1]. The flaw allows an attacker to inject arbitrary SQL commands without requiring any authentication or prior access [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint, injecting malicious SQL code via the GetAssignmentsDue method [1]. No authentication is needed, and the attack can be performed remotely over the network [1].
Impact
Successful exploitation enables an unauthenticated attacker to extract or modify all data stored in the database [1]. This includes reading sensitive information and potentially altering or deleting data, leading to complete compromise of confidentiality and integrity [1].
Mitigation
The vulnerability is fixed in version 3.1.053 [1]. Users should upgrade to this version or later immediately. No other workarounds are mentioned in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IDAttend Pty Ltd/IDWeb v5 Range: 0
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.