Unauthenticated Extraction of Sensitive Data in IDAttend's IDWeb Application 3.1.052 and Earlier

Unauthenticated Extraction of Sensitive Data in IDAttend's IDWeb Application 3.1.052 and Earlier

CVE-2023-27259 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

Learn more about our Web App Pen Testing.