idattend idweb

30 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-27377
<= 3.1.052
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052
7.5 HIGH
CVE-2023-27376
<= 3.1.052
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlie
7.5 HIGH
CVE-2023-27375
<= 3.1.052
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlie
7.5 HIGH
CVE-2023-27262
<= 3.1.052
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows
9.8 CRITICAL
CVE-2023-27261
<= 3.1.052
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deleti
5.3 MEDIUM
CVE-2023-27260
<= 3.1.052
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows
9.8 CRITICAL
CVE-2023-27259
<= 3.1.052
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extractio
7.5 HIGH
CVE-2023-27258
<= 3.1.052
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retr
7.5 HIGH
CVE-2023-27257
<= 3.1.052
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retriev
7.5 HIGH
CVE-2023-27256
<= 3.1.052
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensi
5.8 MEDIUM
CVE-2023-27255
<= 3.1.052
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows e
9.8 CRITICAL
CVE-2023-27254
<= 3.1.052
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extra
9.8 CRITICAL
CVE-2023-26584
<= 3.1.052
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier al
9.8 CRITICAL
CVE-2023-26583
<= 3.1.052
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extra
9.8 CRITICAL
CVE-2023-26582
<= 3.1.052
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows ext
9.8 CRITICAL
CVE-2023-26581
<= 3.1.052
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction o
9.8 CRITICAL
CVE-2023-26580
<= 3.1.052
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the
7.5 HIGH
CVE-2023-26579
all versions
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by
5.3 MEDIUM
CVE-2023-26578
all versions
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous
8.8 HIGH
CVE-2023-26577
<= 3.1.052
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing sess
7.5 HIGH
CVE-2023-26576
<= 3.1.052
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction
7.5 HIGH
CVE-2023-26575
<= 3.1.052
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction
7.5 HIGH
CVE-2023-26574
<= 3.1.052
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensit
7.5 HIGH
CVE-2023-26573
<= 3.1.052
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft
8.2 HIGH
CVE-2023-26572
<= 3.1.052
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extracti
9.8 CRITICAL
CVE-2023-26571
<= 3.1.052
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of
7.5 HIGH
CVE-2023-26570
<= 3.1.052
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows ex
7.5 HIGH
CVE-2023-26569
<= 3.1.052
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier al
9.8 CRITICAL
CVE-2023-26568
<= 3.1.052
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows e
9.8 CRITICAL
CVE-2023-1356
< 3.1.053
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacki
7.5 HIGH