Unauthenticated SQL Injection in GetStudentGroupStudents Method in IDAttend's IDWeb Application 3.1.052 and Earlier
CVE-2023-26568 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.