Every CVE whose affected-product data names Idattend Idweb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2023-27262 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26581 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26582 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26583 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26584 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows…
CVE-2023-27254 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-27255 — CVSS 9.8 (critical): Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-27260 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26569 — CVSS 9.8 (critical): Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows…
CVE-2023-26572 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or…
CVE-2023-26568 — CVSS 9.8 (critical): Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction…
CVE-2023-26578 — CVSS 8.8 (high): Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to…
CVE-2023-26573 — CVSS 8.2 (high): Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of…
CVE-2023-27377 — CVSS 7.5 (high): Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier…
CVE-2023-26570 — CVSS 7.5 (high): Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction…
CVE-2023-26571 — CVSS 7.5 (high): Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student…
CVE-2023-26574 — CVSS 7.5 (high): Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive…
CVE-2023-26575 — CVSS 7.5 (high): Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive…
CVE-2023-26576 — CVSS 7.5 (high): Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive…
CVE-2023-26577 — CVSS 7.5 (high): Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of…
CVE-2023-26580 — CVSS 7.5 (high): Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web…
CVE-2023-27257 — CVSS 7.5 (high): Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of…
CVE-2023-27258 — CVSS 7.5 (high): Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of…
CVE-2023-27259 — CVSS 7.5 (high): Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive…
CVE-2023-27375 — CVSS 7.5 (high): Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows…
CVE-2023-27376 — CVSS 7.5 (high): Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows…
CVE-2023-1356 — CVSS 7.5 (high): Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a…
CVE-2023-27256 — CVSS 5.8 (medium): Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log…
CVE-2023-27261 — CVSS 5.3 (medium): Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by…
CVE-2023-26579 — CVSS 5.3 (medium): Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by…