Headline
CVE-2023-26572: Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Discovered by Jack Misiura on behalf of The Missing Link Security
Vulnerability Details
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.013 allows extraction or modification of all data by unauthenticated attackers.
Affected Versions
Discovered in: 3.1.013
Fixed Versions
Fixed in: 3.1.053