VYPR

IDWeb

by IDAttend

CVEs (30)

  • CVE-2023-27262CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-27260CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-27255CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-27254CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26584CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26583CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26582CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26581CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26572CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26569CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26568CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

  • CVE-2023-26578HigOct 25, 2023
    risk 0.57cvss 8.8epss 0.01

    Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

  • CVE-2023-26573HigOct 25, 2023
    risk 0.53cvss 8.2epss 0.01

    Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

  • CVE-2023-27377HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

  • CVE-2023-27376HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

  • CVE-2023-27375HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

  • CVE-2023-27259HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

  • CVE-2023-27258HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

  • CVE-2023-27257HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

  • CVE-2023-26580HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

Page 1 of 2