Search criteria
90 vulnerabilities found for idweb by idattend
FKIE_CVE-2023-27260
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27260",
"lastModified": "2024-11-21T07:52:32.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.587",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26584
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetStudentInconsistencies en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26584",
"lastModified": "2024-11-21T07:51:48.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.180",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27259
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de estudiantes y profesores."
}
],
"id": "CVE-2023-27259",
"lastModified": "2024-11-21T07:52:32.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.527",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27255
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo DeleteRoomChanges en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27255",
"lastModified": "2024-11-21T07:52:32.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.297",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27377
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_EmergencyContactDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-27377",
"lastModified": "2024-11-21T07:52:47.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.897",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27262
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27262",
"lastModified": "2024-11-21T07:52:33.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.713",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27258
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetStudentGroupStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la recuperaci\u00f3n de datos de estudiantes y profesores por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27258",
"lastModified": "2024-11-21T07:52:32.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.470",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27257
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the GetActiveToiletPasses method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetActiveToiletPasses en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados recuperen la informaci\u00f3n de los estudiantes."
}
],
"id": "CVE-2023-27257",
"lastModified": "2024-11-21T07:52:32.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.410",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26583
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetCurrentPeriod en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26583",
"lastModified": "2024-11-21T07:51:47.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.127",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27254
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetRoomChanges en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27254",
"lastModified": "2024-11-21T07:52:32.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.240",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26582
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetExcursionDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26582",
"lastModified": "2024-11-21T07:51:47.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.070",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26582"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27261
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the DeleteAssignments method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo DeleteAssignments en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la eliminaci\u00f3n de datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27261",
"lastModified": "2024-11-21T07:52:33.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.657",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27375
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_ContactDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-27375",
"lastModified": "2024-11-21T07:52:46.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.773",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26581
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetVisitors method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetVisitors en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26581",
"lastModified": "2024-11-21T07:51:47.747",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.010",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26581"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27256
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the GetLogFiles method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetLogFiles en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la recuperaci\u00f3n de archivos de registro confidenciales por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-27256",
"lastModified": "2024-11-21T07:52:32.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.353",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27376
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_StudentDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-27376",
"lastModified": "2024-11-21T07:52:47.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:26.837",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26570
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the StudentPopupDetails_Timetable method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_Timetable en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-26570",
"lastModified": "2024-11-21T07:51:46.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.337",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26570"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26574
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the SearchStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-26574",
"lastModified": "2024-11-21T07:51:46.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.577",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26574"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26571
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the SetStudentNotes method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo SetStudentNotes en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la modificaci\u00f3n de los datos de los estudiantes por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26571",
"lastModified": "2024-11-21T07:51:46.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.397",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26571"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26579
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*",
"matchCriteriaId": "2E83E186-DB76-4468-9BDE-E15B437E81EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the DeleteStaff method in IDAttend\u2019s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo DeleteStaff en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite que atacantes no autenticados eliminen informaci\u00f3n del personal."
}
],
"id": "CVE-2023-26579",
"lastModified": "2024-11-21T07:51:47.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.897",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26579"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26573
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the SetDB method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo SetDB en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la Denegaci\u00f3n de Servicio (DoS) o el robo de credenciales de inicio de sesi\u00f3n de la base de datos."
}
],
"id": "CVE-2023-26573",
"lastModified": "2024-11-21T07:51:46.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.513",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26573"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26576
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the SearchStudentsRFID method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudentsRFID en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
}
],
"id": "CVE-2023-26576",
"lastModified": "2024-11-21T07:51:47.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.720",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26576"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26575
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication in the SearchStudentsStaff method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudentsStaff en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de estudiantes y profesores."
}
],
"id": "CVE-2023-26575",
"lastModified": "2024-11-21T07:51:47.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.650",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26575"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26580
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated arbitrary file read in the IDAttend\u2019s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. "
},
{
"lang": "es",
"value": "Un archivo arbitrario no autenticado le\u00eddo en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite la recuperaci\u00f3n de cualquier archivo presente en el servidor web por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26580",
"lastModified": "2024-11-21T07:51:47.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.950",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26580"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26572
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetExcursionList method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetExcursionList en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26572",
"lastModified": "2024-11-21T07:51:46.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.457",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26572"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26577
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting in the IDAttend\u2019s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. "
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) Almacenado en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permiten a los atacantes secuestrar la sesi\u00f3n de navegaci\u00f3n del usuario que ha iniciado sesi\u00f3n."
}
],
"id": "CVE-2023-26577",
"lastModified": "2024-11-21T07:51:47.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.780",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26577"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26578
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*",
"matchCriteriaId": "2E83E186-DB76-4468-9BDE-E15B437E81EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload to web root in the IDAttend\u2019s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. "
},
{
"lang": "es",
"value": "La carga arbitraria de archivos a la ra\u00edz de la web en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite a atacantes autenticados cargar archivos peligrosos a la ra\u00edz web, como ASP o ASPX, obteniendo la ejecuci\u00f3n de comandos en el servidor afectado."
}
],
"id": "CVE-2023-26578",
"lastModified": "2024-11-21T07:51:47.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.837",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26578"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26568
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetStudentGroupStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26568",
"lastModified": "2024-11-21T07:51:46.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.217",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26568"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-26569
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B",
"versionEndIncluding": "3.1.052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
},
{
"lang": "es",
"value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo StudentPopupDetails_Timetable en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
}
],
"id": "CVE-2023-26569",
"lastModified": "2024-11-21T07:51:46.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.277",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26569"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-1356
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:39
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.
References
| URL | Tags | ||
|---|---|---|---|
| vdp@themissinglink.com.au | https://www.themissinglink.com.au/security-advisories/cve-2023-1356 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.themissinglink.com.au/security-advisories/cve-2023-1356 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB54802E-0128-49AA-90B1-945564743E86",
"versionEndExcluding": "3.1.053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting in the StudentSearch component in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows hijacking of a user\u2019s browsing session by attackers who have convinced the said user to click on a malicious link."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) Reflejado en el componente StudentSearch en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permiten el secuestro de la sesi\u00f3n de navegaci\u00f3n de un usuario por parte de atacantes que han convencido a dicho usuario de hacer clic en un enlace malicioso."
}
],
"id": "CVE-2023-1356",
"lastModified": "2024-11-21T07:39:01.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:22.873",
"references": [
{
"source": "vdp@themissinglink.com.au",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356"
}
],
"sourceIdentifier": "vdp@themissinglink.com.au",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vdp@themissinglink.com.au",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}