Unauthenticated Access to Student and Teacher Data in IDAttend's IDWeb Application 3.1.052 and Earlier
CVE-2023-27258 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
Learn more about our Web App Pen Testing.