Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26568: Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE
#sql#vulnerability#web#auth

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.013 allows extraction or modification of all data by unauthenticated attackers.

Affected Versions

Discovered in: 3.1.013

Fixed Versions

Fixed in: 3.1.053

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907