CVE-2023-26569

Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.013 allows extraction or modification of all data by unauthenticated attackers.

Affected Versions

Discovered in: 3.1.013

Fixed Versions

Fixed in: 3.1.053