Known Vulnerabilities for products from Idattend
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Idattend".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-27377 json | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27376 json | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and e... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27375 json | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and e... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27262 json | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier al... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-27261 json | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows d... | 6.5 - MEDIUM | 2023-10-25 | 2023-10-28 |
| CVE-2023-27260 json | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier al... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-27259 json | Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extr... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27258 json | Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27257 json | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows re... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-27256 json | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of ... | 5.3 - MEDIUM | 2023-10-25 | 2023-10-28 |
| CVE-2023-27255 json | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier all... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-27254 json | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows ... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-26584 json | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earli... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-26583 json | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows ... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-26582 json | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allow... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-26581 json | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extract... | 9.1 - CRITICAL | 2023-10-25 | 2023-10-28 |
| CVE-2023-26580 json | Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on... | 7.5 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-26579 json | Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff informati... | 5.3 - MEDIUM | 2023-10-25 | 2023-10-28 |
| CVE-2023-26578 json | Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dang... | 8.8 - HIGH | 2023-10-25 | 2023-10-28 |
| CVE-2023-26577 json | Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing... | 5.4 - MEDIUM | 2023-10-25 | 2023-10-28 |